Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Applying Security to Servlets

 
Mike Thomson
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am studying the security part of HFSJ. In that they have mapped the users in tomcat-users.xml to DD <security-role> element in web.xml.

I am wondering how can we add all the user id and their password in the tomcat-users.xml. whenever a new user is registering, we have to edit the tomcat-users.xml and restart the application will be painful.

Although it is vendor specific, I want to know how we can map the DD <security-role> from the user id and password in the DB.

When a new user is registering, I am capturing his/her user id and password and store it in the DB. How can I configure the <security-role> element in web.xml? Please advice. Any links/material dealing with this will be more helpful.(though I prefer DB rather LDAP, as I am trying out in my personal pc)
 
Joe Ess
Bartender
Posts: 9319
10
Linux Mac OS X Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Mike Thomson:
How can I configure the <security-role> element in web.xml? Please advice.


You only need to declare security roles in web.xml to map roles to web-resource-collections. Since you should not be creating roles on the fly, you don't need to touch web.xml. Your user database should map a user to a particular role.
Tomcat Documentation: JDBCRealm Configuration
 
Mike Thomson
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Joe for your reply.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic