tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Morten Andersen <>
Subject RE: Implementing Realm
Date Wed, 08 Dec 2004 09:30:01 GMT
Sorry if I'm being stupid, but it simply doesn't match my experiences.

I'm using tomcat 4.1.30 as it is with standard MemoryRealm implementation. 
The username/passwords are created using the tomcat-users.xml, but If I 
change these without restarting tomcat the usernames and passwords are not 
being updated.


I enter a webapp with security constraints with my old password: "xxx"
Then I change the user-role element in conf/tomcat-users.xml so that the 
password is now: "yyy"
I start a new browser. In order to get a new client. Enter the new 
password... No entrance. Entering the old password gives a much better 
result though...

in server.xml there is a userdatabase element, that is documented as a
<!-- Editable user database that can also be used by UserDatabaseRealm to 
authenticate users -->

In the implementation (  there is no sign what so 
ever that it detects an update in the tomcat-users.xml file. The first 
method used is findUser(...) that just returns a value from a HashMap...



At 14:50 07-12-2004, you wrote:

>Yeah, I'm sure.  It's easy to see using the Admin webapp.
>Yoav Shapira
> >-----Original Message-----
> >From: Morten Andersen []
> >Sent: Tuesday, December 07, 2004 4:50 AM
> >To: Tomcat Users List
> >Subject: RE: Implementing Realm
> >
> >At 16:10 17-11-2004, you wrote:
> >>Note that all of Tomcat's built-in Realms support runtime changes to
> >>data store, be it a file or a database.
> >
> >Are you sure. MemoryRealm seems only to be updated as Tomcat is
> >
> >
> >Morten Andersen
> >Master of applied mathematics and computer science
> >Associate professor
> >
> >The Maersk Institute of Production technology at Southern Danish
> >
> >Campusvej 55
> >DK-5230 Odense M
> >Denmark
> >+45 65 50 36 54
> >+45 61 71 11 03
> >Jabber id:
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> >For additional commands, e-mail:
>This e-mail, including any attachments, is a confidential business 
>communication, and may contain information that is confidential, 
>proprietary and/or privileged.  This e-mail is intended only for the 
>individual(s) to whom it is addressed, and may not be saved, copied, 
>printed, disclosed or used by anyone else.  If you are not the(an) 
>intended recipient, please immediately delete this e-mail from your 
>computer system and notify the sender.  Thank you.
>To unsubscribe, e-mail:
>For additional commands, e-mail:

Morten Andersen
Master of applied mathematics and computer science
Associate professor

The Maersk Institute of Production technology at Southern Danish University
Campusvej 55
DK-5230 Odense M
+45 65 50 36 54
+45 61 71 11 03
Jabber id:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message