This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Applying Security to Servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Applying Security to Servlets" Watch "Applying Security to Servlets" New topic
Author

Applying Security to Servlets

Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
I am studying the security part of HFSJ. In that they have mapped the users in tomcat-users.xml to DD <security-role> element in web.xml.

I am wondering how can we add all the user id and their password in the tomcat-users.xml. whenever a new user is registering, we have to edit the tomcat-users.xml and restart the application will be painful.

Although it is vendor specific, I want to know how we can map the DD <security-role> from the user id and password in the DB.

When a new user is registering, I am capturing his/her user id and password and store it in the DB. How can I configure the <security-role> element in web.xml? Please advice. Any links/material dealing with this will be more helpful.(though I prefer DB rather LDAP, as I am trying out in my personal pc)
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8843
    
    7

Originally posted by Mike Thomson:
How can I configure the <security-role> element in web.xml? Please advice.


You only need to declare security roles in web.xml to map roles to web-resource-collections. Since you should not be creating roles on the fly, you don't need to touch web.xml. Your user database should map a user to a particular role.
Tomcat Documentation: JDBCRealm Configuration


"blabbing like a narcissistic fool with a superiority complex" ~ N.A.
[How To Ask Questions On JavaRanch]
Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
Thanks Joe for your reply.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Applying Security to Servlets
 
Similar Threads
action="j_security_check"
security constraint - not working
Using ROLES defined in a database in th DD
security issue
security-role-ref element