tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John de la Garza" <jdelaga...@designinsites.com>
Subject RE: formbased security
Date Mon, 04 Dec 2000 18:41:10 GMT
What I meant was how can I never have them see the tomcat login...I want to
validate the manually from my own code?

I have a web based app that the user must log into...I want log the user in
to tomcat once they are logged into to application.

What I meant about being asked twice was that they would be asked to login
to my app...then asked once to log into tomcat's thing..



-----Original Message-----
From: Craig R. McClanahan [mailto:Craig.McClanahan@eng.sun.com]
Sent: Monday, December 04, 2000 10:27 AM
To: tomcat-user@jakarta.apache.org
Subject: Re: formbased security


John de la Garza wrote:

> Can I manually stick the username/passwd into the server container? So the
> user is not asked?  for example they log into my app...then they can
browser
> around with out being asked to 'login' again...
>

Well, that is what actually happens.  Once you log on, your identity is
recognized until you exit your browser (or the server is restarted).

>
> Also can I keep the user/passwd list in a database instead of the
> tomcatusers.xml file?
>

There are comments in the "conf/server.xml" file illustrating how you can
replace the SimpleRealm interceptor (that processes "conf/tomcat-users.xml")
with one that uses JDBC to access a database.  Examples of configuration for
several different databases are included.

Craig McClanahan




Mime
View raw message