• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Web App Security

 
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I just finished reading the chapter on Web App Security in HFSJ.

I will like to know whether new J2EE project actually do specify/use "<security-constraint>" in web.xml file or there are better and newer ways of achieving authentication and authorization.Listing all users and roles in "tomcat-users.xml" seems a bit tacky to me a better approach to me will be to use a database to store users and roles.


Will specify my users and roles in a database make most of the work(authentication and authorization) done by the container using "<security-constraint>" unnecessary?

It seems like the only important tag I may use if I'm to define my users and roles in a database will be "<user-data-constraint>", someone correct me if I'm wrong.

When I use a <login-config> is the user name and password compared with what is in tomcat-users.xml by the container or I have to retrieve these two parameters and do the comparison myself.
 
Bartender
Posts: 4116
72
Mac TypeScript Chrome Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Moses Marfo wrote:...Listing all users and roles in "tomcat-users.xml" seems a bit tacky to me a better approach to me will be to use a database to store users and roles.


That's an in-memory realm, of course you can have JDBC realms. Check the Tomcat documentation.

When I use a <login-config> is the user name and password compared with what is in tomcat-users.xml by the container or I have to retrieve these two parameters and do the comparison myself.


Yes, by the container.
 
Moses Marfo
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks
Vijitha
 
Onion rings are vegetable donuts. Taste this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic