This week's book giveaway is in the OCAJP forum.
We're giving away four copies of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) and have Khalid A Mughal & Rolf W Rasmussen on-line!
See this thread for details.
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security with user data from db

 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello,

i am reading head first Servlet & Jsp right now and have finished the chapter on security ...

now, it says that the users and roles are declared in the tomcat-users.xml which is somewhat cumbersome and awkward since in real development you would use a database to store user relevant information.

The thing that i need to know, how do you tell the container to retrieve the user and roles data from a database rather than from the xml file?

thanks for your help

 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just make use of container managed realm.

In case of Tomcat you may find this document useful: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
 
RaviNada Kiran
Ranch Hand
Posts: 528
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sebastian Janisch wrote:

now, it says that the users and roles are declared in the tomcat-users.xml which is somewhat cumbersome and awkward since in real development you would use a database to store user relevant information.



I too don't know much about tomcat-users.xml , but surely he is not talking about the DB user names and passwords. This XML file typically refers to the login information related to the server.

Google on to tomcat-users.xml
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, tomcat-users.xml only applies to the admin/management console of Tomcat server. It has nothing to do with authentication of the running webapplications.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic