Adding New Users

Kevin DesLauriers
Ranch Hand

Joined: Nov 28, 2005
Posts: 43
So, I am unsure which forum to place this question because I guess it could go in quite a few. But I chose here.

I am using the Tomcat that comes with Eclipse 3.3.1 and I am using the MyEclipse plugin on an x86_64 Linux machine.

My problem is as follows:

I am writing a web app that uses servlets, POJOs and JSPs currently. Using form-based authentication, users stored in tomcat-users.xml can log in. This works perfectly fine.

But of course, I want new users to be able to join, so I have a register link on the sign-in page that stores user data in an object. I will be using a series of SQL tables to store user data in, but I want the users who just registered to be able to become users as long as their data is okay on the register form.

Is there a way to update tomcat-users.xml while the app is running and without interaction from me? Or is there another way I should be doing it? I know that I should not be storing passwords in the SQL table.

Thank you
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60773
    

If you want more flexibility, I'd recommend rolling your own authentication. I've never used the built-in authentication because it's just too limiting.

"I know that I should not be storing passwords in the sql table."

I do it all the time. Of course, I pass them through a one-way hash first for security.
[ January 13, 2008: Message edited by: Bear Bibeault ]

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41085
    
If you want to store user data in SQL tables, what's the connection to tomcat-users.xml? If you want a file, use MemoryRealm (and thus tomcat-users.xml); if you want a database, use JDBCRealm or DataSourceRealm.

But overall, I agree with Bear - write your own database-based authentication module once, and reuse it wherever you need it (including hashed passwords). That also has the benefit of allowing very fine-grained control over which URLs to protect - something that's not possible with the built-in mechanism.


Kevin DesLauriers
Ranch Hand

Joined: Nov 28, 2005
Posts: 43
Thank you both for your help. That helps a lot.
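
The database-backed, hashed-password approach recommended in the replies above, as an added example that is not code from any poster in this thread. It uses salted PBKDF2 from the JDK rather than a bare one-way hash; the class and method names, the iteration count and the in-memory map standing in for the SQL table are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class UserStore {                              // hypothetical name
    private static final int ITERATIONS = 210_000;   // assumed work factor; tune for your hardware
    private static final int SALT_BYTES = 16, KEY_BITS = 256;
    private final SecureRandom random = new SecureRandom();
    // Stand-in for the SQL table: user name -> "iterations:salt:hash" (one VARCHAR column).
    private final Map<String, String> users = new HashMap<>();

    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    /** Called by the register servlet once the form data has been validated. */
    public boolean register(String name, char[] password) throws Exception {
        if (users.containsKey(name)) return false;           // never overwrite an existing account
        byte[] salt = new byte[SALT_BYTES];
        random.nextBytes(salt);                               // fresh random salt per user
        Base64.Encoder b64 = Base64.getEncoder();
        users.put(name, ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(pbkdf2(password, salt, ITERATIONS)));
        return true;
    }

    /** Called by the login servlet; recomputes the hash with the stored salt and iteration count. */
    public boolean verify(String name, char[] password) throws Exception {
        String row = users.get(name);
        if (row == null) return false;
        String[] parts = row.split(":");                      // Base64 never contains ':'
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        byte[] actual = pbkdf2(password, salt, Integer.parseInt(parts[0]));
        return MessageDigest.isEqual(expected, actual);       // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        UserStore store = new UserStore();
        store.register("kevin", "correct horse".toCharArray());   // constructed sample data
        System.out.println(store.verify("kevin", "correct horse".toCharArray()));
        System.out.println(store.verify("kevin", "wrong".toCharArray()));
    }
}
```

Storing the iteration count beside each hash lets the work factor be raised later without invalidating existing accounts.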
 