Authentification in my webapp

Hi all. I've built a JSP webapp which uses a authorization/authentification mechanism based on this idea here. Basically, a SecurityRealm is declared in the server.xml file.

It works great, but I need to adapt this so that I don't use the server.xml file, ie. all configuration is done using the web.xml. Can I achieve this, or would I have to completely redesign my whole app?

Thanks!

I think you need to configure the server accordingly by modifying server.xml, as stated there in your refered link.

This might help.

Sorry, but if you read my question you will see that I am trying to move away from configuring the server.xml file.

This is what I was already using, and all require modification of that file.

I dont think any way of doing it without configuring the server.

You can't use Tomcats realms without configuring them in server.xml. And if that's not possible, then you can't use most of the web app security as defined in web.xml either, because that's automatically tied to those realms. It's not hard to roll your own code for Basic HTTP authentication and access some repository for user information, though.

Well I managed it, you can do it without using the server.xml, if you implement this API - SecurityFilter - http://securityfilter.sourceforge.net/

Great stuff.

Gezza, that's indeed a very interesting project. I'm working on a project where the standard web-app security is insufficient (namely, the mapping of resources to be protected was not powerful enough), and this looks a good way to handle that. Thanks for posting the link.

Yes its likely to use security filters, no matter its ready made or one of your own.