Forums Register Login

Web App Security

+Pie Number of slices to send: Send

I just finished reading the chapter on Web App Security in HFSJ.

I will like to know whether new J2EE project actually do specify/use "<security-constraint>" in web.xml file or there are better and newer ways of achieving authentication and authorization.Listing all users and roles in "tomcat-users.xml" seems a bit tacky to me a better approach to me will be to use a database to store users and roles.


Will specify my users and roles in a database make most of the work(authentication and authorization) done by the container using "<security-constraint>" unnecessary?

It seems like the only important tag I may use if I'm to define my users and roles in a database will be "<user-data-constraint>", someone correct me if I'm wrong.

When I use a <login-config> is the user name and password compared with what is in tomcat-users.xml by the container or I have to retrieve these two parameters and do the comparison myself.
+Pie Number of slices to send: Send
 

Moses Marfo wrote:...Listing all users and roles in "tomcat-users.xml" seems a bit tacky to me a better approach to me will be to use a database to store users and roles.


That's an in-memory realm, of course you can have JDBC realms. Check the Tomcat documentation.

When I use a <login-config> is the user name and password compared with what is in tomcat-users.xml by the container or I have to retrieve these two parameters and do the comparison myself.


Yes, by the container.
+Pie Number of slices to send: Send
thanks
Vijitha
And will you succeed? Yes you will indeed! (98 and 3/4 % guaranteed) - Seuss. tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 931 times.
Similar Threads
implement security constraints and assign users
Problem While Enabling Authentication
Studying HeadFirst book: cannot make authentification
[Facelet & JSF Security] What do you think of this?
Webapp-Security chapter revision notes from HFSJ , may be useful
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 16:20:05.