
web app security authorization question

al langley
Ranch Hand

Joined: Mar 28, 2008
Posts: 35
I've tested and used the tomcat-user.xml file in conjunction with the <security-constraint> tags in DD to limit access to certain pages. Using this method, I've defined username, passwords and roles in the tomcat-user.xml file.

I was wondering how this is handled in bigger applications where it wouldn't be efficient to declare all users and their passwords in a tomcat-user.xml file.

I'm guessing information such as usernames, passwords, and roles can be kept in a database and not in an XML file.
My question is, how do you tell a container that a user has a certain role if you don't declare it in tomcat-user.xml?

Ben Souther

Joined: Dec 11, 2004
Posts: 13410

I use declarative security for small apps.
For larger things, I usually end up writing my own as the login involves fetching and setting up a lot of things.

You can, with Tomcat, create JDBC realms to allow you to use declarative security with a database.
[ May 14, 2008: Message edited by: Ben Souther ]

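A database-backed realm of the kind mentioned in the reply above, as an added example that is not part of the original posts: the container looks up the user's roles in a role table, so the `<security-constraint>` and `<login-config>` entries in the DD stay exactly as they were with the XML user file. Assumptions: Tomcat 8 or later (for the nested `CredentialHandler`), a PostgreSQL driver on Tomcat's classpath, and hypothetical names for the data source, tables, columns, host and account.

```xml
<!-- Added example: META-INF/context.xml for a hypothetical web app.
     Assumed, not from the thread: jdbc/authDB, the app_users and
     app_user_roles tables, their columns, the JDBC URL and the account. -->
<Context>

  <!-- Connection pool the realm reads from. Give this database account
       SELECT-only rights on the two authentication tables. -->
  <Resource name="jdbc/authDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="org.postgresql.Driver"
            url="jdbc:postgresql://db.example.internal:5432/appdb"
            username="REALM_READER_PLACEHOLDER"
            password="CHANGE_ME_PLACEHOLDER"
            maxTotal="10" maxIdle="2"/>

  <!-- Expected schema (constructed for this example):
         app_users(user_name PRIMARY KEY, user_pass)
         app_user_roles(user_name, role_name)
       One row in app_user_roles per role a user holds. The role_name
       values must match the <role-name> entries used in the
       <auth-constraint> elements of web.xml. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authDB"
         localDataSource="true"
         userTable="app_users"
         userNameCol="user_name"
         userCredCol="user_pass"
         userRoleTable="app_user_roles"
         roleNameCol="role_name">
    <!-- user_pass holds salted PBKDF2 hashes rather than clear-text
         passwords; the handler verifies the submitted password against
         the stored hash at login. -->
    <CredentialHandler
        className="org.apache.catalina.realm.SecretKeyCredentialHandler"
        algorithm="PBKDF2WithHmacSHA512"
        iterations="100000"
        saltLength="16"
        keyLength="256"/>
  </Realm>

</Context>
```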
al langley
Ranch Hand

Joined: Mar 28, 2008
Posts: 35
Thanks! Much appreciated!