I have a web resource, i specify the <auth-method> as BASIC, so whenever tries to access my page it shows him a dialog box to enter the username and the password. When the web server checks for the authenitcity of the user, where does it check ? because all my user information is database.
have a llok at here
replace the use of HashTable with the database u have...
When using decarative security (like you do - via deployment descriptor) the location of usernames and passwords is server specific. If you use Tomcat look for file named tomcat-users.xml in conf directory. If not, tell me which server do you use, we'll work somethig out.
BTW, try to avoid BASIC authentication. Use Form-based instead.
Besides, it shouldn't be a problem to edit tomcat-users.xml programmaticly.
anyways, i am not prone to use BASIC auth i used it once. i use form base auth as well. all of them are more or less same w/ pros/cons.
and, Baruch, I use iPlanet 4.1 as a webserver which lacks XML based configuration (so called WAR) architecture i would love to have that which is not possible for the company but thats irrelavent here.
Originally posted by chanoch wiggers:
why avoid basic? form is no more secure since they both pass the username and password in plain text to the servlet.
also, you dont have to use the tomcat-users.xml file = tomcat has a JDBC Realm that allows you to authenticate against the details in the db.
Can anyone provide information as to how this is done ? I need to replace a web application (Perl/CGI/Apache) which is doing authentication with a database table. I can find many examples of doing the authentication in Tomcat using tomcat-users.xml, but I am having a hard time finding any information on how you get the "j_security_check" of the login form to go to the database to do the authentication. For example how do you specify the URL/username/password for the database connection ? How do you specify the table to use, and how do you tell it which columns in the database table map to the username and password fields ?
I am developing this application to be deployed on JBoss 3.2.3, which (I think) has Tomcat as its default web container. The database is Oracle 8i.
Thanks in advance for any insight. Any references to online examples or tutorials will be very appreciated.
Still if anyone can answer any of the previous questions I posted in the previous post I'll certainly appreciate the feedback.
[ April 23, 2004: Message edited by: James Adams ]