I am studying the security part of HFSJ. In that they have mapped the users in tomcat-users.xml to DD <security-role> element in web.xml.
I am wondering how can we add all the user id and their password in the tomcat-users.xml. whenever a new user is registering, we have to edit the tomcat-users.xml and restart the application will be painful.
Although it is vendor specific, I want to know how we can map the DD <security-role> from the user id and password in the DB.
When a new user is registering, I am capturing his/her user id and password and store it in the DB. How can I configure the <security-role> element in web.xml? Please advice. Any links/material dealing with this will be more helpful.(though I prefer DB rather LDAP, as I am trying out in my personal pc)
Originally posted by Mike Thomson: How can I configure the <security-role> element in web.xml? Please advice.
You only need to declare security roles in web.xml to map roles to web-resource-collections. Since you should not be creating roles on the fly, you don't need to touch web.xml. Your user database should map a user to a particular role. Tomcat Documentation: JDBCRealm Configuration