Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

form authenticaiton using https

 
nisu pathak
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello ,i am implementing form authentication using https.but i am not sure where to place tomcat-config.xml file & what is the role of server.xml file .i am using eclipse ide.can anyone help me out .i am posting my code as follows:

login.html


web.xml file:




TestServlet.java



WebContent->WEB-INF->tomcat-users.xml





need help
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18098
50
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Eclipse has little to do with it other than that the WTP Tomcat runner makes a mess of things. I use the sysdeo plug-in instead, as it uses Tomcat's actual configuration information instead of an incomplete and easily-outdated clone the way the WTP plugin does.

Tomcat's server.xml is the master configuration file for Tomcat. It contains the elements that wire Tomcat's components together into an actual webapp server as well as server-global definitions. You can also define webapp contexts in server.xml, but you should not. Webapp contexts should either be defined as a separate META-INF/context.xml file in the webapp WAR or as an xml file in TOMCAT_HOME/conf/Catalina/localhost.

Security can be defined either at the global level (server.xml) or at the per-application level (context). Usually I do it at the context level, unless there's a site-wide security policy in effect or I'm using a Single Signon configuration (which, by definition is global).

The actual authentication and authorization for container-managed (J2EE standard) security is managed by the security Realm. The Realm uses plug-in components to allow a wide variety of choices for security references, including text files such as tomcat-users.xml, databases, LDAP/Active Directory and more (including custom plug-ins).

The tomcat-users.xml file was originally created for the Tomcat MemoryRealm plugin. I believe that the actual location of this file was configurable, but the default location was the TOMCAT_HOME/conf directory where server.xml also resides. The MemoryRealm is not really designed for production work. For one thing, if you wanted to add a user or change a role, you had to not only edit the tomcat-users.xml file, you had to restart Tomcat, since this file was only read at startup. Plus, as far as I know, it thereafter resided in RAM, so lots and lots of users and roles would make it eat into memory otherwise usable for webapps.

Since about Tomcat 6, one or 2 other Realm plugins were added that can also read tomcat-users.xml but are more flexible about it. However, the best use for MemoryRealm and its relatives is for testing or very small simple sites with few users. Serious production sites will generally want to employ a database or directory server or something whose uses go beyond the local server.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic