• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authentification in my webapp

 
Gezza Hall
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all. I've built a JSP webapp which uses a authorization/authentification mechanism based on this idea here. Basically, a SecurityRealm is declared in the server.xml file.

It works great, but I need to adapt this so that I don't use the server.xml file, ie. all configuration is done using the web.xml. Can I achieve this, or would I have to completely redesign my whole app?

Thanks!
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think you need to configure the server accordingly by modifying server.xml, as stated there in your refered link.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This might help.
 
Gezza Hall
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, but if you read my question you will see that I am trying to move away from configuring the server.xml file.

This is what I was already using, and all require modification of that file.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I dont think any way of doing it without configuring the server.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can't use Tomcats realms without configuring them in server.xml. And if that's not possible, then you can't use most of the web app security as defined in web.xml either, because that's automatically tied to those realms. It's not hard to roll your own code for Basic HTTP authentication and access some repository for user information, though.
 
Gezza Hall
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well I managed it, you can do it without using the server.xml, if you implement this API - SecurityFilter - http://securityfilter.sourceforge.net/

Great stuff.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Gezza, that's indeed a very interesting project. I'm working on a project where the standard web-app security is insufficient (namely, the mapping of resources to be protected was not powerful enough), and this looks a good way to handle that. Thanks for posting the link.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes its likely to use security filters, no matter its ready made or one of your own.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic