Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

web app security authorization question

 
al langley
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've tested and used the tomcat-user.xml file in conjunction with the <security-constraint> tags in DD to limit access to certain pages. Using this method, I've defined username, passwords and roles in the tomcat-user.xml file.


I was wondering how this is handled in bigger applications where it wouldn't be efficient to declare all users and their passwords in a tomcat-user.xml file.

I'm guessing information such as username, passwords, and roles can be kept in a database and not in a xml file.
My question is, how do you tell a container that a user has a certain role if you don't declare it in tomcat-user.xml?

Thanks
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I use declarative security for small apps.
For larger things, I usually end up writing my own as the login involves fetching and setting up a lot of things.

You can, with Tomcat create JDBC realms to allow you to use declarative security with a database.
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
[ May 14, 2008: Message edited by: Ben Souther ]
 
al langley
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks! much appreciated!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic