tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ed" ...@jsq.co.uk>
Subject RE: Security settings seemingly ignored
Date Tue, 11 Jul 2000 14:27:22 GMT
Thanks for your help.  I have downloaded tomcat 3.2beta but I have found an
annoying feature.  The server.xml file contains a block for specifying the
database, table and column names for the username, password and role info.
However, you can only specify this information once.  Unless I have missed
something, this means that the username tables are the same across all the
applications, which is not cool for either a development or commercial
environment.  The person who suggests 'multiple  tomcats on multiple Java
VMs' will recieve a special prize.

I can't use multiple VMs as I am developing multiple web applications - all
of which will require their own lump of memory to run their VM in - and I
don't have lots of memory floating about :(

Ah well, back to the beginning again.  Looks like I'm gunna have to
implement full user and applcation management myself.  Should be fun though
:)

Anyone who is interested is more than welcome to mail me.
  -----Original Message-----
  From: Craig R. McClanahan [mailto:Craig.McClanahan@eng.sun.com]
  Sent: 10 July 2000 19:27
  To: tomcat-user@jakarta.apache.org
  Subject: Re: Security settings seemingly ignored


  One thing you will need to make this work is a <realm-name> element in
your <login-config>.  The text of this element is used in the dialog box
that the browser pops up, so that the user knows what they are logging into.
Example:
      <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>My Secure Test Area</realm-name>
      </login-config>

  Of course, you should also be trying this with the latest beta of Tomcat
3.2 -- there were bugs in basic authorization support in Tomcat 3.1.

  Craig McClanahan

     <snip>


Mime
View raw message