
Implementing basic security mechanism

 
sandeep yel
Greenhorn
Posts: 17
Hi,

I am exploring the possibility of implementing a basic security mechanism in my web application using Tomcat.

I want to know if there is a way to update tomcat-users.xml programmatically, meaning does Tomcat provide APIs to update tomcat-users.xml?

Any help/advice is most welcomed.

Thanks
 
Ben Souther
Sheriff
Posts: 13411
The tomcat-users.xml file is just XML, so it's always possible to update it programmatically, but it's only read when Tomcat starts up.

The memory realm was only put there to serve as an introduction to realms.
It is assumed that most production apps will switch to a JDBC or JNDI type realm. Tomcat provides the interface org.apache.catalina.Realm that you can use to implement your own if none of the provided ones provide what you need.

From: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

MemoryRealm

Introduction

MemoryRealm is a simple demonstration implementation of the Tomcat 6 Realm interface. It is not designed for production use. At startup time, MemoryRealm loads information about all users, and their corresponding roles, from an XML document (by default, this document is loaded from $CATALINA_HOME/conf/tomcat-users.xml). Changes to the data in this file are not recognized until Tomcat is restarted.

[ January 22, 2008: Message edited by: Ben Souther ]
 
sandeep yel
Greenhorn
Posts: 17
Is it possible to reread tomcat-users.xml into an application without restarting tomcat?

While using "Tomcat Administrative Tool" I found that I can add a new user with admin role and also get logged in with new user/password.

Can someone provide a clue as to how this can be achieved?

Thanks
 
Ben Souther
Sheriff
Posts: 13411
The Tomcat Admin app runs as a privileged app and probably accesses the memory realm objects directly.
The nice thing about open source projects is that, if you want to know how they do something, you can grab the source and see for yourself.
 
Ulf Dittmer
Rancher
Posts: 42967
If you're serious about mucking around with the MemoryRealm (and you should really use a more serious Realm implementation, like DataSourceRealm), you might want to read this article I wrote a while back. The section titled "Integration with Tomcat Realms" explains how to extend MemoryRealm with custom functionality.
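
Added example, not part of any post in this thread and not taken from the Tomcat documentation: a conf/server.xml fragment showing the MemoryRealm discussed above beside a DataSourceRealm, the kind of realm the replies recommend. The JNDI name jdbc/authDB and all table and column names are assumptions; the DataSource itself is assumed to be defined as a global JNDI resource.

```xml
<!-- Added example. A Realm element is nested inside Engine, Host or Context. -->

<!-- Before: MemoryRealm. tomcat-users.xml is parsed once at startup, so
     edits to the file are ignored until Tomcat is restarted. -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm"
       pathname="conf/tomcat-users.xml" />
-->

<!-- After: DataSourceRealm. Credentials and roles are looked up in the
     database when a user logs in.
     Assumed schema (hypothetical names):
       users(user_name, user_pass)        one row per user
       user_roles(user_name, role_name)   one row per user/role pair
     digest: user_pass holds a hex hash produced with this MessageDigest
     algorithm instead of the clear-text password, so the column must be
     wide enough for the hash (64 hex characters for SHA-256). -->
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       dataSourceName="jdbc/authDB"
       userTable="users"
       userNameCol="user_name"
       userCredCol="user_pass"
       userRoleTable="user_roles"
       roleNameCol="role_name"
       digest="SHA-256" />
```

With this in place, adding a user is an INSERT into both tables and takes effect at that user's next login, with no Tomcat restart and no write access to files under conf/.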
 