Meaningless Drivel is fun!*
The moose likes Servlets and the fly likes Security with user data from db Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security with user data from db" Watch "Security with user data from db" New topic
Author

Security with user data from db

Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
hello,

i am reading head first Servlet & Jsp right now and have finished the chapter on security ...

now, it says that the users and roles are declared in the tomcat-users.xml which is somewhat cumbersome and awkward since in real development you would use a database to store user relevant information.

The thing that i need to know, how do you tell the container to retrieve the user and roles data from a database rather than from the xml file?

thanks for your help


JDBCSupport - An easy to use, light-weight JDBC framework -
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
Just make use of container managed realm.

In case of Tomcat you may find this document useful: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
RaviNada Kiran
Ranch Hand

Joined: Jan 30, 2009
Posts: 528
Sebastian Janisch wrote:

now, it says that the users and roles are declared in the tomcat-users.xml which is somewhat cumbersome and awkward since in real development you would use a database to store user relevant information.



I too don't know much about tomcat-users.xml , but surely he is not talking about the DB user names and passwords. This XML file typically refers to the login information related to the server.

Google on to tomcat-users.xml


If you want something you never had do something which you had never done
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
Yes, tomcat-users.xml only applies to the admin/management console of Tomcat server. It has nothing to do with authentication of the running webapplications.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Security with user data from db
 
Similar Threads
authentication in jboss
Security Features in Tomcat
Using badges to authorize web app access
Declarative security : mapping user to security roles
Integrating Tomcat security with servlet filter security