I have clarification regarding the user management of Tomcat server.
1. When we make updation of tomcat-users.xml editing through any editor and the tomcat server is started, the new entries are not available immediately for use unless we restart the server. 2. When we make updation of tomcat-users.xml using admin tool of tomcat the values are reflected in the in memory of the tomcat server (i.e. we can use those user details with restarting the tomcat server)
would like to know the mechanism admintool uses to update the in memory of tomcat server whenever there is a new entry of user/role/group in tomcat-users.xml.
Thank you Mr.Ben , i downloaded the source, I will search it.
Would like to know how tomcat maintains the user information across session and how its mapped with the web application using security-constraint tag of web.xml., any web links or tutorial would be of great help.
Security-constraints are driven by the Servlet Spec. There is a link to the spec in my signature.
How a particular container implements the spec is up to the makers of the container. I don't know of any tutorials that explain the inner workings of Tomcat. I think the source code and the documentation on the Tomcat site will be your best bets. http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html