tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amrhein, Thomas" <>
Subject AW: User Authorization
Date Fri, 24 Mar 2000 08:00:56 GMT
I want to test user authentication, but I don't know yet what the
Servlet API Specification exactly says.

I can define users in conf/tomcat-users.xml.
How and where are roles defined? 
How are roles assigned to JSPs, servlets or servlet contexts?

Does anybody know?
Where can I find the Servlet API Specification?



-----Ursprüngliche Nachricht-----
Von: Craig R. McClanahan []
Gesendet am: Freitag, 24. März 2000 03:54
Betreff: Re: User Authorization

John Coonrod wrote:

> This is another question that a lot of people have asked in the past week
> and I don't feel has been answered...
> Does the tomcat webserver support user login and - if so - how exactly do
> get it to work? I'm willing to live with the simplest possible login, but
> want the server to require it, not each servlet or jsp.

Tomcat 3.0 does not support user authentication.

Tomcat 3.1beta1 (well, at least the most recent nightly builds, but I'm
sure it was there in the beta) has *experimental* support for user
authentication.  What you do is set up users in the "conf/tomcat-users.xml"
file, and then define your security constraints in the web application
deployment descriptor, as described in the Servlet API Specification.  This
not been extensively tested, and there's no further docs at this point.
Experimentation and bug reports are welcome!


To unsubscribe, email:
For additional commmands, email:

View raw message