Hi all. I've built a JSP webapp which uses a authorization/authentification mechanism based on this idea here. Basically, a SecurityRealm is declared in the server.xml file.
It works great, but I need to adapt this so that I don't use the server.xml file, ie. all configuration is done using the web.xml. Can I achieve this, or would I have to completely redesign my whole app?
You can't use Tomcats realms without configuring them in server.xml. And if that's not possible, then you can't use most of the web app security as defined in web.xml either, because that's automatically tied to those realms. It's not hard to roll your own code for Basic HTTP authentication and access some repository for user information, though.
Gezza, that's indeed a very interesting project. I'm working on a project where the standard web-app security is insufficient (namely, the mapping of resources to be protected was not powerful enough), and this looks a good way to handle that. Thanks for posting the link.
Joined: Aug 15, 2004
Yes its likely to use security filters, no matter its ready made or one of your own.