Some points that may help you:
-
This page talks about how to set up Realms in Tomcat. You didn't mention where your user database lives; the simplest way would be an XML file called conf/tomcat-users.xml, in which case you need to configure a MemoryRealm.
- Some starting points how to configure your web.xml file
can be found here, or, of course, in the
servlet specification.
- Whenever you make a change to web.xml, the web application needs to be restarted to pick up those changes. Tomcat does not need to be restarted.
If you use MemopryRealm, though, the whole Tomcat server needs to be restarted.
- I'm not sure about your question concerning an XML parser. web.xml is an standard XML file; you can modify it with any DOM tool you like (XOM, JDOM, DOM, ...), but a parser alone will not be sufficient.
But you still need to restart the web app, no matter how you modify the file.
- To sum it up: If you want to change dynamically which pages are protected, and which users can see those, the standard security features of web apps are insufficient - you need to implement something yourself. If you just need to add new users or remove them at runtime, use a JDBCRealm, which looks up authorized users in a database.
[ August 26, 2005: Message edited by: Ulf Dittmer ]