Authentication users not in tomcat-users.xml

I hope that what i want is possible in tomcat.

I want the use a simple authorization which is described in HFSJ in Apache Tomcat for a webapplication. Normally I do the authentication with users stored in a database, but I want this application to be database independent, so that's not possible.

In HFSJ they describe that you have to adjust tomcat-users.xml file. I don't want to do that, I want all the information just stored in my web.xml file.

No, that's not possible. The contents of the web.xml file are defined by the servlet specification, and authentication information has no place in it.

That's one of the areas left blank by the spec: where and how a servlet container can find user information. So every container has its own mechanism.

Thanks for your answer. Maybe they will solve that later in spec.

The problem now is that I've to adjust a file which is not part of my war file. I will have to adjust my installation script by changing the tomcat-users.xml file.