
web app security authorization question

al langley
Ranch Hand

Joined: Mar 28, 2008
Posts: 35
I've tested and used the tomcat-user.xml file in conjunction with the <security-constraint> tags in DD to limit access to certain pages. Using this method, I've defined username, passwords and roles in the tomcat-user.xml file.


I was wondering how this is handled in bigger applications where it wouldn't be efficient to declare all users and their passwords in a tomcat-user.xml file.

I'm guessing information such as username, passwords, and roles can be kept in a database and not in an XML file.
My question is, how do you tell a container that a user has a certain role if you don't declare it in tomcat-user.xml?

Thanks
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

I use declarative security for small apps.
For larger things, I usually end up writing my own as the login involves fetching and setting up a lot of things.

You can, with Tomcat, create JDBC realms to allow you to use declarative security with a database.
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
[ May 14, 2008: Message edited by: Ben Souther ]

al langley
Ranch Hand

Joined: Mar 28, 2008
Posts: 35
Thanks! Much appreciated!
 