tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gerry Duhig" <>
Subject Security Questions
Date Wed, 30 May 2001 11:00:20 GMT

I have Tomcat setup, actually running with JBoss, and I am looking at security.

I can setup an application with a login-conf in web.xml, but I cannot see who or what handles
that. Is it Tomcat directly, or some loaded subsystem?

In detail: In my server.xml file I have the following:

        <RequestInterceptor className="org.apache.tomcat.request.AccessInterceptor"  debug="0"

What is this actually saying or doing?

I also have:

        <!-- Check permissions using the simple xml file. You can 
             plug more advanced authentication modules.
            debug="0" />
Same question! What's it for, what's it do? I don't seem to have a simple xml file, should


View raw message