tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject security in server.xml
Date Thu, 24 Apr 2003 09:12:36 GMT
hi all,

I have been spending some time now to figure out how to do the following (without success,
I would like a complete example or something...)

How do I configure Tomcat to handle form based authentication using a data-source ?

what I have so far is this:

1. configured DataSourceRealm in conf/server.xml (no probs)
2. added security in WEB-INF/web.xml (FORM based, with login-form-config)
3. have a login.jsp page, using j_username, j_password, j_security_check in the input fields

a good question is:

What happens when I submit ?
   --> Where does Tomcat find the action ?
      --> what is happening in this action ?
         --> how can I control this action ?

if the form posts to an action called 'j_security_check' then where is the implementation
of this action ? I mean, how does Tomcat know to use te data-source realm ?

in case I would need to implement this action myself: how do I know what to do in case of
login failure ? (throw exception or return -1 or what ?)
[I guess I don't need to do this]

I have found something about FormAuthenticator, do I need to extend this class and declare
it as a Valve in server.xml ? If yes, how to associate it with my data-source ?

anyway, I am doing trial-and-error here and I really cannot find any good documentation on
the subject (they all use BASIC authentication, which is not designed for serious projects
- I work in PKI security so in the end I would even go for client authentication with X.509v3)

could somebody just send me an example or a brief yet complete description on how to proceed
(I could not find anything useful in the mailing lists)

thanx a lot in advance

Try AOL and get 1045 hours FREE for 45 days!

Get AOL Instant Messenger 5.1 for FREE! Download Now!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message