So, I am unsure which forum to place this question because I guess it could go in quite a few. But I chose here.
I am using Tomcat that comes with eclipse 3.3.1 and I am using the myeclipse plugin on a x86_64 linux machine.
My problem is as follows:
I am writing a web app that users servlets, pojos and JSPs currently. Usig form based authentication users stored in tomcat-users.xml can login. This works perfectly fine.
But of course, I want new users to be able to join so I have a register link on the sign in page that stores user data in an object. I will be using a series of SQL tables to store user data in but I want the user who just registered to be able become users as long as their data is okay on the register form.
Is there a way to update tomcat-users.xml while the app is running and without interaction from me? Or is there another way I should be doing it. I know that I should not be storing passwords in the sql table.
If you want to store user data in SQL tables, what's the connection to tomcat-users.xml? If you want a file, use MemoryRealm (and thus tomcat-users.xml); if you want a database, use JDBCRealm or DataSourceRealm.
But overall, I agree with Bear - write your own database-based authentication module once, and reuse it wherever you need it (including hashed passwords). That also has the benefit of allowing very fine-grained control over which URLs to protect - something that's not possible with the built-in mechanism.