• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
Bartenders:
  • Piet Souris
  • Jj Roberts
  • fred rosenberger

Adding New Users

 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So, I am unsure which forum to place this question because I guess it could go in quite a few. But I chose here.

I am using Tomcat that comes with eclipse 3.3.1 and I am using the myeclipse plugin on a x86_64 linux machine.

My problem is as follows:

I am writing a web app that users servlets, pojos and JSPs currently. Usig form based authentication users stored in tomcat-users.xml can login. This works perfectly fine.

But of course, I want new users to be able to join so I have a register link on the sign in page that stores user data in an object. I will be using a series of SQL tables to store user data in but I want the user who just registered to be able become users as long as their data is okay on the register form.

Is there a way to update tomcat-users.xml while the app is running and without interaction from me? Or is there another way I should be doing it. I know that I should not be storing passwords in the sql table.

Thank you
 
Sheriff
Posts: 67641
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you want more flexibility, I'd recommend rolling your own authentication. I've never used the builtin authentication because it's just too limiting.

I know that I should not be storing passwords in the sql table.


I do it all the time. Of course, I pass them through a one-way hash first for security.
[ January 13, 2008: Message edited by: Bear Bibeault ]
 
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you want to store user data in SQL tables, what's the connection to tomcat-users.xml? If you want a file, use MemoryRealm (and thus tomcat-users.xml); if you want a database, use JDBCRealm or DataSourceRealm.

But overall, I agree with Bear - write your own database-based authentication module once, and reuse it wherever you need it (including hashed passwords). That also has the benefit of allowing very fine-grained control over which URLs to protect - something that's not possible with the built-in mechanism.
 
Kevin DesLauriers
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you both for your help. That helps a lot.
 
reply
    Bookmark Topic Watch Topic
  • New Topic