This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes What Is login-config  Tag And How To Use It? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "What Is login-config  Tag And How To Use It?" Watch "What Is login-config  Tag And How To Use It?" New topic
Author

What Is login-config Tag And How To Use It?

JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
What is the function of <login-config> in the web.xml file? I suppose it asks the visitors to give username and password to log in and then visitors can start navigating the web site. Is it right?
I checked the Servlet specification and noticed that we can specify <auth-method> and <realm-name> inside the <login-config> tag.
1. How do we use the <auth-method>?
2. Must there be a real method somewhere in the application to match what is in the <auth-method> tag?
3. How do we specify <realm-name>? Can we simply give any name?
4. If the <login-config> does ask username and password for visitors to log in, where do we put valid username and password?
5. Where is the most convenient place to put one pair of username and password for the developer to test the development version of the application (not production version)?
Simply take the following code for example:

Sorry for dumping so many questions. Thank you in advance.
[ September 18, 2003: Message edited by: JiaPei Jen ]
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
1. How do we use the <auth-method>?
use <login-config>

2. Must there be a real method somewhere in the application to match what is in the <auth-method> tag?
no. you can use BASIC, DIGEST, CLIENT-CERT, FORM. You're specifying here wich mechanism you want to use for authentication.

3. How do we specify <realm-name>? Can we simply give any name?
the users you want to authenticate should belong to a realm. For example, and employee can belong to the realm manager (in case this employee is indeed a manager). I think is tomcat-users.xml where you specify that, it's container dependent. Yes, you can give it a name.

4. If the <login-config> does ask username and password for visitors to log in, where do we put valid username and password?
same as question 3. I'm not sure, but I think is tomcat-users.xml. If you're using other container, refer to the documentation.
5. Where is the most convenient place to put one pair of username and password for the developer to test the development version of the application (not production version)?
answer 3, 4
Hope this helps


I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
Thanks a lot, Andres, I got it.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: What Is login-config Tag And How To Use It?
 
Similar Threads
DD entries for authentication
Resin DB-pooling + authentication. HELP!
Realm question
Windows Authentication Using Tomcat 5.0
access control with realm db