aspose file tools*
The moose likes Servlets and the fly likes What Is login-config  Tag And How To Use It? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "What Is login-config  Tag And How To Use It?" Watch "What Is login-config  Tag And How To Use It?" New topic
Author

What Is login-config Tag And How To Use It?

JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
What is the function of <login-config> in the web.xml file? I suppose it asks the visitors to give username and password to log in and then visitors can start navigating the web site. Is it right?
I checked the Servlet specification and noticed that we can specify <auth-method> and <realm-name> inside the <login-config> tag.
1. How do we use the <auth-method>?
2. Must there be a real method somewhere in the application to match what is in the <auth-method> tag?
3. How do we specify <realm-name>? Can we simply give any name?
4. If the <login-config> does ask username and password for visitors to log in, where do we put valid username and password?
5. Where is the most convenient place to put one pair of username and password for the developer to test the development version of the application (not production version)?
Simply take the following code for example:

Sorry for dumping so many questions. Thank you in advance.
[ September 18, 2003: Message edited by: JiaPei Jen ]
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
1. How do we use the <auth-method>?
use <login-config>

2. Must there be a real method somewhere in the application to match what is in the <auth-method> tag?
no. you can use BASIC, DIGEST, CLIENT-CERT, FORM. You're specifying here wich mechanism you want to use for authentication.

3. How do we specify <realm-name>? Can we simply give any name?
the users you want to authenticate should belong to a realm. For example, and employee can belong to the realm manager (in case this employee is indeed a manager). I think is tomcat-users.xml where you specify that, it's container dependent. Yes, you can give it a name.

4. If the <login-config> does ask username and password for visitors to log in, where do we put valid username and password?
same as question 3. I'm not sure, but I think is tomcat-users.xml. If you're using other container, refer to the documentation.
5. Where is the most convenient place to put one pair of username and password for the developer to test the development version of the application (not production version)?
answer 3, 4
Hope this helps


I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
Thanks a lot, Andres, I got it.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: What Is login-config Tag And How To Use It?