• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

user - role mapping

 
jack nick
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi there,
think i am missing a link over here. have been reading the chapter on developing secure web applications from the manning book. what i dont understand it is how does the descriptor know if it has to which role a user belongs to.
thanks
jack
 
chi Lin
Ranch Hand
Posts: 348
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jack,
If I remember right, these mappings are defined within the tomcat-user.xml under
jakarta_home/conf/tomcat-user.xml
 
jack nick
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
would this mean that this is server specific only to tomcat, cos thats what i presumed tomcat-user.xml file would be doing.... storing tomcat specific user definition.
Jack
 
Amer Khan
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes
 
jack nick
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So how does one get over the portability issues in case we have are using servers other than tomcat? Would there be a similar file in other servers?
 
Amer Khan
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jack;
The task of associating users with passwords and logical roles is server specific,you dont have to change the web.xml file or any of the actual servlet and jsp code to move a secure Web application from system to system, you still have to make custom changes on each system to set up the users and passwords.
'Do't worry,be Happy'
Amer
 
jack nick
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks mate, now that makes it more clear to me.
Jack
 
zb cong
Ranch Hand
Posts: 416
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if there any way to config the container to get the user and role information from database?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic