File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Authentication users not in tomcat-users.xml Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Authentication users not in tomcat-users.xml" Watch "Authentication users not in tomcat-users.xml" New topic

Authentication users not in tomcat-users.xml

Remko Strating
Ranch Hand

Joined: Dec 28, 2006
Posts: 893
I hope that what i want is possible in tomcat.

I want the use a simple authorization which is described in HFSJ in Apache Tomcat for a webapplication. Normally I do the authentication with users stored in a database, but I want this application to be database independent, so that's not possible.

In HFSJ they describe that you have to adjust tomcat-users.xml file. I don't want to do that, I want all the information just stored in my web.xml file.

Remko (My website)
SCJP 1.5, SCWCD 1.4, SCDJWS 1.4, SCBCD 1.5, ITIL(Manager), Prince2(Practitioner), Reading/ gaining experience for SCEA,
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
No, that's not possible. The contents of the web.xml file are defined by the servlet specification, and authentication information has no place in it.

That's one of the areas left blank by the spec: where and how a servlet container can find user information. So every container has its own mechanism.
Remko Strating
Ranch Hand

Joined: Dec 28, 2006
Posts: 893
Thanks for your answer. Maybe they will solve that later in spec.

The problem now is that I've to adjust a file which is not part of my war file. I will have to adjust my installation script by changing the tomcat-users.xml file.
I agree. Here's the link:
subject: Authentication users not in tomcat-users.xml
It's not a secret anymore!