Hi, I plan to create a website with a login page using form-based authentication. I'm using Tomcat as a stand-alone application server for learning. I see that I can add a user and role inside the Tomcat_user_role.xml (not sure of exact name) file so that the server would use that to check against when the user fills in the user/password input fields. However, I see other programmers (.NET) do not use XML for their user/password or role entries because they store them in the database and dynamically add roles inside their web app. Somehow, they also use form authentication this way: User inputs username/password --> They click submit and a class verifies the user against the database --> If valid, they tell their framework that the user is valid and the framework allows them to log in. This sequence was used by a .NET programmer; I assume we can do the same in Java.
I was wondering what the best approach is for my project. I'm a little lost right now. I'm relatively new to web development, so please reply with as much detail as possible (good tutorial links are good too).
Thanks so much,
Carmen
[ July 26, 2006: Message edited by: Bear Bibeault ]
It describes "Realms" which are basically different ways of looking up usernames/passwords/roles to do the authentication. You are currently using a "Memory Realm" - loaded into memory from an XML file. If you want to use a database, you need to configure a "JDBC Realm" defining the database.
The nice thing about this is, it doesn't matter which realm you configure your application to use, the rest of the code remains the same.