My doubt is in security.
We are creating roles with user names and passwords in tomcat-users.xml.
As far as roles are concerned, I get it.
What I don't get is: doesn't the user create his username and password? How come we do it (that is, the application developer)?
For example: I want to buy a book from amazon.com; I create all the login details (that is, the user).
Could anyone explain to me what's happening here? One thing is for sure: I am missing something.
As far as I know, the tomcat-users.xml file is used merely for testing purposes.
I mean, you use this file to test the different security roles for the web application under development.
Once your web application goes live, it should not use 'tomcat-users.xml'. Normally a backend database
stores everything: usernames and passwords.
Please correct me if I am wrong.
In HFSJ it says:
In the real world you are using a production server that gives you a hook into the LDAP or database where your real user security info is stored.
I would like to do the security with a database.
In the database, if I have username, password and roles, how will the container hook it up?
Any suggestions on how to do it?
Create a module to handle business logic, i.e. to get the user data from the DB and match it with the information the user provides.
This is the business layer module.
Create a module that handles all communication between the backend DB and the business layer module.
This is the data layer module.
priya rishi wrote: in database if i am having username, password and roles, how will the container hook it up.
That's where Tomcat realms come into play: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html Either a JDBCRealm or a DataSourceRealm would be a good fit here.
Of course, you still need a way for the user to create the account, so that the web app can store the relevant data in the DB.
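A DataSourceRealm of the kind mentioned above could be wired up as follows. This is an added example, not part of the original post; the JNDI name, database URL, MySQL driver class, credentials and table/column names are placeholder assumptions.

```xml
<!-- META-INF/context.xml of the web app (Tomcat 6). Added example; all names
     and credentials below are placeholders.

     Tables the realm reads (column names are configurable below):
       users      (user_name VARCHAR PRIMARY KEY, user_pass VARCHAR)
       user_roles (user_name VARCHAR, role_name VARCHAR)
     The web app's own sign-up code inserts rows here; Tomcat only reads them,
     so the account used by the pool needs SELECT on these two tables only. -->
<Context>

  <!-- Connection pool owned by the container and looked up through JNDI. -->
  <Resource name="jdbc/authDB"
            auth="Container"
            type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/shop"
            username="REALM_DB_USER"
            password="REALM_DB_PASSWORD"
            maxActive="10"
            maxIdle="2"/>

  <!-- Weak variant, kept commented out: with no digest attribute the realm
       compares user_pass as clear text, so passwords must be stored that way.
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authDB" localDataSource="true"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"/>
  -->

  <!-- Corrected variant: the realm digests the submitted password and compares
       it with the hex-encoded digest in user_pass. The sign-up code must store
       the same digest. Note that this digest is unsalted. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authDB"
         localDataSource="true"
         userTable="users"
         userNameCol="user_name"
         userCredCol="user_pass"
         userRoleTable="user_roles"
         roleNameCol="role_name"
         digest="SHA-256"/>
</Context>
```

The `role_name` values in the database have to match the role names used in the security constraints of the application's `web.xml`.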
Ulf Dittmer wrote:
That's where Tomcat realms come into play: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html Either a JDBCRealm or a DataSourceRealm would be a good fit here.
Thanks Ulf, could you give me the link to try with IBM WAS?
What do you mean by "the link" - link to what?
Apache Tomcat 6.0 Realm Configuration HOW-TO:
In many cases, however, it is desirable to "connect" a servlet container to some existing authentication database or mechanism that already exists in the production environment. Therefore, Tomcat 6 defines a Java interface (org.apache.catalina.Realm) that can be implemented by "plug in" components to establish this connection.
The above is for the Tomcat server.
I am using RAD and IBM WAS for my applications, and I want to try authentication using a database,
and the link you provided had information related to the Tomcat server.
So I would like to get some link for IBM WAS.
When I googled, I got this link -
That's what I meant by the link.
And what does IBM WAS have to do with Tomcat?
I don't know either.