tomcat-users mailing list archives

From Christopher Schultz
Subject Re: Entry level help needed
Date Thu, 28 Jun 2007 19:44:43 GMT


Hao Jiang wrote:
> If I want to develop a servlet of my own which handles user
> management in basic authentication model, such as add user, add role,
> etc, how can I do in my own servlet?

Do you want to write a single servlet that /configures/ users and roles
to be used with Tomcat's built-in container-managed authentication and
authorization? Or, do you want to use your own authentication and
authorization mechanism?

It sounds like you want to write your own configuration mechanism.

> For example, should I get a tomcat server instance?

The concept of a "tomcat server instance" is sort of an odd one. I don't
believe that you need to "get" something like this.

Using BASIC authentication just means that you are using
WWW-Authenticate messages to send credentials between the client and the
server. You can use any back-end authentication mechanism that you want
(database, flat file, JNDI, etc.).

You can configure the back-end authentication mechanism in many ways.
One of the easiest is a relational database. Once Tomcat is configured
to use your database for authentication, you simply have to write a
servlet that can update the proper tables (usually 'user', and
'user_role') as appropriate.

You don't need to do anything Tomcat-specific in order to manipulate
this configuration. Just use standard SQL queries to INSERT, UPDATE, or
DELETE the appropriate records. Just remember that most application
servers (including Tomcat) only perform authentication once per login.
If the user's roles change, the user must re-login to get the new roles.

-chris
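
The table updates described in the message above, as an added example that is not part of the original post. The class name, the `DataSource` wiring and the column names (`user_name`, `user_pass`, `role_name`) are assumptions; the credential is assumed to arrive already encoded in whatever form the configured realm compares against.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.sql.DataSource;

/** Hypothetical helper that a user-management servlet could call. */
public class RealmUserAdmin {
    private final DataSource ds; // assumed: the same database the Tomcat realm reads

    public RealmUserAdmin(DataSource ds) { this.ds = ds; }

    /** Adds a user and an initial role atomically; bound parameters keep input out of the SQL text. */
    public void addUser(String name, String encodedCredential, String role) throws SQLException {
        try (Connection c = ds.getConnection()) {
            c.setAutoCommit(false);
            try (PreparedStatement u = c.prepareStatement(
                     "INSERT INTO user (user_name, user_pass) VALUES (?, ?)");
                 PreparedStatement r = c.prepareStatement(
                     "INSERT INTO user_role (user_name, role_name) VALUES (?, ?)")) {
                u.setString(1, name);
                u.setString(2, encodedCredential);
                u.executeUpdate();
                r.setString(1, name);
                r.setString(2, role);
                r.executeUpdate();
                c.commit(); // both rows or neither: no user left without a role row
            } catch (SQLException e) {
                c.rollback();
                throw e;
            } finally {
                c.setAutoCommit(true); // hand the pooled connection back in its default state
            }
        }
    }

    /** Removes one role; returns true if a row was deleted. */
    public boolean removeRole(String name, String role) throws SQLException {
        try (Connection c = ds.getConnection();
             PreparedStatement p = c.prepareStatement(
                 "DELETE FROM user_role WHERE user_name = ? AND role_name = ?")) {
            p.setString(1, name);
            p.setString(2, role);
            // An already authenticated session keeps its old roles until the next login.
            return p.executeUpdate() > 0;
        }
    }
}
```

Some databases treat `user` as a reserved word, so the table name may need quoting or renaming there.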