
Deployment descriptor

 
Surya Vamshi
Greenhorn
Posts: 9
Hi,
For my servlet/JSP application I plan to use a form-based authentication approach. From what I understand, for form-based authentication, Tomcat will automatically check the userID and password from the HTTP request against the userID and password listed in the apps-xxx.xml file for my web application. But won't this approach affect security?

If the number of users is large, how can we list all IDs and passwords in apps-xxx.xml?

Is my understanding right? Please correct me. Also, I want to know how we can provide authentication using another application server like BEA. If we have to provide the userID and password in the web.xml file, how do we enter all those details in BEA?

Thanks
 
Surya Vamshi
Greenhorn
Posts: 9
Hi,

Any experts who can answer my question? I will really appreciate it.

Thanks
 
David O'Meara
Rancher
Posts: 13459
Firstly, with form-based authentication, when the user logs in they are given a cookie, and this cookie is checked each time to make sure they are allowed to access the resource. The username and password are not sent each time.

You do not need to store the username and password in an XML file. That is just one simple way provided by Tomcat, but it's not very useful in production. Tomcat calls them 'Realms', and you can store the login info in a number of ways including JDBC (i.e. in a database), although LDAP is my preference.
 