tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Kerle <>
Subject tomcat memory realms & tomcat-users.xml
Date Wed, 15 Aug 2007 06:38:37 GMT
Hi all

I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java 
1.6.0_01, and we need to authenticate access by client applications 
coming in over SOAP. We're looking at using the tomcat-users.xml file to 
store user/pwd/role data until the customers Single Sign-On service is 
ready (which will be when pigs fly, if it keeps going as it has).

The application will be deployed internally so we don't need any SSL or 
digest authentication, we're looking at simple HTTP BASIC or SOAP 
headers  for the client to pass through their auth details. The 
complication is that we want to allow default access as well as 
authenticated access, and authenticate against the tomcat-users file.

eg - un-authenticated clients can still access the web service url, but 
get a public role, and authenticated clients get a privileged role.

I'm thinking we might be able to do part of that with the following 
tomcat-users.xml config by having an empty user declaration:

  <role rolename="privileged"/>
  <user name=""  password="" roles="PUBLIC"  />
  <user name="priv_user1"  password="tomcat" roles="privileged"  />

The question is how to authenticate against the tomcat-user database? 

I've read the tomcat docs on memory realm:, 
and I want to expose the org.apache.catalina.UserDatabase class to the 
web service context via a <ResourceLink...>. I'd like to be able to 
authenticate users without having to add a <security-constraint> to my 
web.xml, so that unauthenticated clients can still connect.

Am I on the right track? Or is there a much easier way than what I'm 
trying to do...


* Matthew Kerle
* * IT Consultant *
* Canberra, Australia*

Mobile: +61404 096 863
Email:     Matthew Kerle <>
Web:      Matthew Kerle <> 

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message