tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John de la Garza" <>
Subject RE: formbased security
Date Mon, 04 Dec 2000 18:41:10 GMT
What I meant was how can I never have them see the tomcat login...I want to
validate the manually from my own code?

I have a web based app that the user must log into...I want log the user in
to tomcat once they are logged into to application.

What I meant about being asked twice was that they would be asked to login
to my app...then asked once to log into tomcat's thing..

-----Original Message-----
From: Craig R. McClanahan []
Sent: Monday, December 04, 2000 10:27 AM
Subject: Re: formbased security

John de la Garza wrote:

> Can I manually stick the username/passwd into the server container? So the
> user is not asked?  for example they log into my app...then they can
> around with out being asked to 'login' again...

Well, that is what actually happens.  Once you log on, your identity is
recognized until you exit your browser (or the server is restarted).

> Also can I keep the user/passwd list in a database instead of the
> tomcatusers.xml file?

There are comments in the "conf/server.xml" file illustrating how you can
replace the SimpleRealm interceptor (that processes "conf/tomcat-users.xml")
with one that uses JDBC to access a database.  Examples of configuration for
several different databases are included.

Craig McClanahan

View raw message