tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peder Pedersen <>
Subject Re: tomcat-users.xml
Date Fri, 14 Apr 2000 09:54:58 GMT
Hi Neil,

My impression is that the tomcat-users.xml authorization mechanism is 
in an "early stage" condition. Anyway, you set up the users with 
password and roles, like:

  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="admin" password="nimda" roles="admin" />

Then you set up your web application authorization constraints in the 
web application deployment descriptor (webappl/WEB-INF/web.xml). Check 
out the Servlet specification, and the web.xml DTD file in particular.
For a very simple example, use something like:

            <web-resource-name>Admin Pages</web-resource-name>


The login page in this example should have the format as specified in 
the specification; something like:

	<title> Security crap. </title>
	<form method="POST" action="j_security_check">
		Username <input type="text" name="j_username" size=20><br>
		Password <input type="password" name="j_password" size=20><br>
		<input type="submit" name="Login" value="Login" size=20><br>

Now, if you try to acccess a page in the admin folder, you are 
automatically forwarded to the login page first.
Btw, I seem to recall that someone had looked into LDAP integration...

Best regards,
 - Peder

>>>>>>>>>>>>>>>>>> Original Message

On 4/14/00, 9:25:45 AM, Neil Davies <> wrote 
regarding tomcat-users.xml:

> Dear All,

>           Could anyone help please.How do i set up authorization using
> tomcat-users.xml?

> To unsubscribe, email:
> For additional commmands, email:

View raw message