• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how can i set password in web.xml

 
Niu Xiuyuan
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
<role-name>role1</role-name>
</auth-constraint>
this is one part in web.xml dd file, i just can define roles but can't define the password corresponding with roles.how can help?
 
Axel Janssen
Ranch Hand
Posts: 2166
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Niu,
there is a file called tomcat-users.xml in the conf under tomcat-root.
There you can insert users and map those users to roles.
(There are allready example users in the file)
This is for separating programmer and deployer role. The programmer can use reusable roles in his app and its the responsability of the deployer or the administrator to map those roles to actual users.
In commercial app-servers you are not constrained to such a simple file-based user-administration. You can use ldap or rdbms. But the mechanism stays the same. The roles are mapped to actual users at deployment time.
Axel
 
Axel Janssen
Ranch Hand
Posts: 2166
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
found that ressource about tomcat and security:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html
Havent tested, but looks very good. JDBC realms are not part of the exam as far as I know. But there seems to be a good example about using tomcat-users.xml
Axel
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic