
doubt in security - username and password.

Hello,
My doubt is in security.

We are creating roles with user names and passwords in tomcat-users.xml.

As far as roles are concerned, I get it.

What I don't get is: doesn't the user create his username and password? How come we do it (that is, the application developer)?

For example: I want to buy a book from amazon.com; I create all the login details (that is, the user).

Could anyone explain to me what's happening here? One thing is for sure: I am missing something.

Thanks.
+Pie Number of slices to send: Send
Hi,

As far as I know, the tomcat-users.xml file is used merely for testing purposes.
I mean you use this file to test the different security roles for the web application under development.
Once your web application goes live, it should not use 'tomcat-users.xml'. Normally a backend database
stores everything: usernames & passwords.

Please correct me if I am wrong.
+Pie Number of slices to send: Send
Thanks Amru, you're right.

In HFSJ it says:

in real world you are using a production server that gives you a hook into the LDAP or database where your real user security info is stored.

I would like to do the security with a database.
If I have username, password and roles in the database, how will the container hook it up?
Any suggestions on how to do it?
+Pie Number of slices to send: Send
Well, when I worked with such an application, what we did was:

Create a module to handle business logic, i.e. to get the user data from the DB & match it with the information the user provides.
This is the business layer module.

Create a module that handles all communication between the backend DB & the business layer module.
This is the data layer module.
+Pie Number of slices to send: Send
priya rishi wrote: in database if i am having username, password and roles, how will the container hook it up.


That's where Tomcat realms come into play: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html Either a JDBCRealm or a DataSourceRealm would be a good fit here.

Of course, you still need a way for the user to create the account, so that the web app can store the relevant data in the DB.
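
A DataSourceRealm of the kind suggested above, as an added example that is not part of the original post or of the Tomcat documentation's own sample. The JNDI name, database URL, driver, account and table/column names are placeholders chosen for illustration; the `role_name` values must match the role names used in the web app's `web.xml` security constraints.

```xml
<!-- META-INF/context.xml of the web application (added example; all names are placeholders) -->
<Context>

  <!--
    Tables the realm reads. Names are free; they are mapped in the Realm element below.
      create table users      (user_name varchar(64)  not null primary key,
                               user_pass varchar(128) not null);
      create table user_roles (user_name varchar(64)  not null,
                               role_name varchar(64)  not null,
                               primary key (user_name, role_name));
    The web app's own registration code inserts the rows; Tomcat only reads them
    when a user logs in.
  -->

  <!-- Connection pool for the realm. Use a DB account that can only SELECT
       from the two tables above, not the application's read/write account. -->
  <Resource name="jdbc/authDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/authdb"
            username="realm_reader" password="CHANGE_ME"
            maxActive="10" maxIdle="2"/>

  <!-- localDataSource="true": look the DataSource up in this context rather
       than in the server-wide GlobalNamingResources.
       digest: user_pass holds the hex digest of the password instead of the
       clear text; without this attribute the column is compared as plain text.
       The digest is a single unsalted hash, so the table still needs to be
       protected like a credential store. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authDB" localDataSource="true"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"
         digest="SHA-256"/>

</Context>
```

With this in place the container performs the lookup itself, so the application declares its protected URLs and roles in `web.xml` and does not need its own password-checking code.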
+Pie Number of slices to send: Send
Thanks Amru, I have tried the concept with MVC, but wrote logic for checking the stored username and password (in DB) with the login details. But authentication is really cool.

Ulf Dittmer wrote:
That's where Tomcat realms come into play: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html Either a JDBCRealm or a DataSourceRealm would be a good fit here.

Thanks Ulf, could you give me the link to try with IBM WAS?
+Pie Number of slices to send: Send
What do you mean by "the link" - link to what? And what does IBM WAS have to do with Tomcat?
+Pie Number of slices to send: Send
What do you mean by "the link" - link to what?

Apache Tomcat 6.0 Realm Configuration HOW-TO:

In many cases, however, it is desirable to "connect" a servlet container to some existing authentication database or mechanism that already exists in the production environment. Therefore, Tomcat 6 defines a Java interface (org.apache.catalina.Realm) that can be implemented by "plug in" components to establish this connection.

The above is about the Tomcat server.
I am using RAD and IBM WAS for my applications and I want to try the authentication using a database,
and the link you provided had information related to the Tomcat server.
So I would like to get some link for IBM WAS.

When I googled, I got this link:
http://publib.boulder.ibm.com/wasce/V2.1.0/en/database-security-realm.html

That's what I meant by the link.

And what does IBM WAS have to do with Tomcat?

I don't know either.
+Pie Number of slices to send: Send
A little hint: Next time you're after information specifically about WAS, you should state that in the question. Instead, you mentioned tomcat-users.xml, and that clearly meant that you're using Tomcat.
+Pie Number of slices to send: Send
I meant both: first I had a doubt about tomcat-users.xml, and (after it was cleared) I wanted to know how to try with WAS.
+Pie Number of slices to send: Send
If you have any container-specific questions, please ask them in their respective forum. (Tomcat, Weblogic)
This thread has been viewed 1650 times.