
Web app security and tomcat-users.xml

 
Kedar Dravid
Ranch Hand
Posts: 333
In the HFSJ chapter on Web application security, it is mentioned that we can define roles and corresponding users using the tomcat-users.xml file and the <security-role> tag in the DD. This, as I understand, is declarative security.
Now, in most of the web apps that I work on, we generally have separate tables for users and roles, called say, user_master and role_master respectively.
So, now if I use the vendor-specific declarative security mechanism (as mentioned above), does it mean that I no longer need to create the master tables?
In fact, the users are picked from the SAP database.
Kindly shed some light on how the declarative security mechanism would actually be used in practice, possibly w.r.t. the above scenario.
 
Narendra Dhande
Ranch Hand
Posts: 951
Hi,

Tomcat uses the .xml file by default to maintain the users and roles. But you can use other mechanisms to maintain the users and roles, like JDBC using database tables. Please refer to the security chapter in the Tomcat documentation. There are plenty of examples.

thanks
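
The setup discussed in this thread, as an added example that is not part of the original posts: a Tomcat DataSourceRealm reading users from the database instead of tomcat-users.xml, with the declarative constraints in the DD left unchanged. Assumptions: Tomcat 8 or later, a hypothetical mapping table `user_role_map`, hypothetical column names, the JNDI name `jdbc/authDB`, and placeholder connection values.

```xml
<!-- Fragment 1: META-INF/context.xml. This realm replaces the default
     UserDatabaseRealm that reads conf/tomcat-users.xml. -->
<Context>
  <!-- Assumed JNDI name; every connection value here is a placeholder.
       Use a database account that can only read the auth tables. -->
  <Resource name="jdbc/authDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="DRIVER_CLASS_PLACEHOLDER"
            url="JDBC_URL_PLACEHOLDER"
            username="READ_ONLY_DB_USER_PLACEHOLDER"
            password="DB_PASSWORD_PLACEHOLDER"/>

  <!-- The realm needs a user table (name and credential columns) and a table
       mapping user names to role names. A table that only lists roles is
       not enough. Column names and user_role_map are assumed. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authDB" localDataSource="true"
         userTable="user_master" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_role_map" roleNameCol="role_name">
    <!-- user_pass holds salted PBKDF2 hashes rather than clear text. -->
    <CredentialHandler
        className="org.apache.catalina.realm.SecretKeyCredentialHandler"
        algorithm="PBKDF2WithHmacSHA512" iterations="100000"
        saltLength="16" keyLength="256"/>
  </Realm>
</Context>

<!-- Fragment 2: WEB-INF/web.xml (the DD). These elements stay the same
     whichever realm supplies the users and roles. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin pages</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <!-- BASIC sends the password on every request, so require TLS. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example application</realm-name>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
```

The role names in `<security-role>` must match the values stored in the `role_name` column, since the container compares them as plain strings.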
 