Many server have facility to create users, group and assign roles. (typically stored in xml file, eg tomcat-users.xml). What should I do in my appln so that people can use the on-line form and create a default user/group/role for themselves? Should the appln access the xml file and write to it?
The XML solution is a quick hack to provide this functionality, it is better use a database or LDAP server to maintain this data if you're serious about it. I'm not sure whether editing the file would help, you may find that Tomcat caches the Role data and doesn't load it again. If this is true, it would prevent you from dynamically adding users or assigning roles. The database is easier in the short-term, but I prefer LDAP to store this data since this is what LDAP is designed for.
Joined: Oct 31, 2003
thanks for the reply. If I'm going to store a new user account in the database, then I dont really use the user/group/role features provided by the server??? Are you saying that user/group/role features provided by the server is not dynamic and that if a new user is to be added, only the administrator got to do this manually and restart the server?
No, I suspect that the authorisation support provided by XML files may not be dynamic, but I'd be happy to be proven wrong. I've never bothered to try it. If I'm going to store a new user account in the database, then I dont really use the user/group/role features provided by the server??? You store the data in the database, then map those settings to the server. Once the server knows all it needs, it can provide configuration-based authentication and authorisation.