tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ed">
Subject RE: Security settings seemingly ignored
Date Tue, 11 Jul 2000 14:27:22 GMT
Thanks for your help.  I have downloaded tomcat 3.2beta but I have found an
annoying feature.  The server.xml file contains a block for specifying the
database, table and column names for the username, password and role info.
However, you can only specify this information once.  Unless I have missed
something, this means that the username tables are the same across all the
applications, which is not cool for either a development or commercial
environment.  The person who suggests 'multiple  tomcats on multiple Java
VMs' will recieve a special prize.

I can't use multiple VMs as I am developing multiple web applications - all
of which will require their own lump of memory to run their VM in - and I
don't have lots of memory floating about :(

Ah well, back to the beginning again.  Looks like I'm gunna have to
implement full user and applcation management myself.  Should be fun though

Anyone who is interested is more than welcome to mail me.
  -----Original Message-----
  From: Craig R. McClanahan []
  Sent: 10 July 2000 19:27
  Subject: Re: Security settings seemingly ignored

  One thing you will need to make this work is a <realm-name> element in
your <login-config>.  The text of this element is used in the dialog box
that the browser pops up, so that the user knows what they are logging into.
          <realm-name>My Secure Test Area</realm-name>

  Of course, you should also be trying this with the latest beta of Tomcat
3.2 -- there were bugs in basic authorization support in Tomcat 3.1.

  Craig McClanahan


View raw message