File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security Constraint

 
JiaPei Jen
Ranch Hand
Posts: 1309
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I do not fully understand how security constraint works. For example, I have the <security-constraint> and <security-role> tags as follows:

My database contains the information of all registered members:

Advisors will be directed to Page A, editors will be directed to Page E and contributors will be directed to Page C depending on the returning value of the method isUserInRole(). But, I do not know how to use isUserInRole().
For example, after John fills out the username and password in the logon form, I search the database to see if there is John in the database and I verify the "read in" password. The information regarding the "role" of John can only be found in the database. The method isUserInRole takes contributor/editor/advisor/administrator as its parameter. I am missing the link between John and his role as a contributor and isUserInRole().
I use the Tomcat.
[ October 03, 2003: Message edited by: JiaPei Jen ]
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You are trying to manage authentication manually, but you need to configure Tomcat so that it manages it for you. I haven't dne it in Tomcat for quite a while, but you need to have a look at the Tomcat JDBCRealm in the REALM HOW-TO to hook in authentication details when they are kept in the database.
Dave
 
Sainudheen Mydeen
Ranch Hand
Posts: 218
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi JiaPei Jen
As David mentioned you are trying manually. I think you have to work with the tomcat-users.xml file which is located in <tomcat-root>\conf directory. This file already have some username,password and role information in it.

You can add new users and use those methods.
-------------
Sainudheen
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, you only use the tomcat-users.xml file if you are using the "MemoryRealm" Realm for Tomcat. See the link I posted above. The JDBCRealm uses tabase tables and not files. I don't think you can mix the two.
Dave
 
JiaPei Jen
Ranch Hand
Posts: 1309
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I followed the instructions on using the JDBCRealm. However, I could not start the Tomcat server after I inserted

within the <Engine> tag in the $CATALINA_HOME/conf/server.xml file.
I first inserted the aforementioned Realm within the <context> tag in the $CATALINA_HOME/conf/server.xml and I was unable to start the Tomcat server. I then moved the Realm inside the <Engine> tag, but it did not help.
By the way, do you think the user and password given in the JDBCRealm are correct? I configured database username and password for use by Tomcat in the $CATALINA_HOME/conf/server.xml this way:

And I have used this database many times without problem.
[ October 07, 2003: Message edited by: JiaPei Jen ]
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic