tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: tomcat memory realms & tomcat-users.xml
Date Wed, 15 Aug 2007 13:38:22 GMT
> From: Matthew Kerle [mailto:matthew.kerle@sra.com.au] 
> Subject: tomcat memory realms & tomcat-users.xml
> 
> I've read the tomcat docs on memory realm: 
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, 
> and I want to expose the org.apache.catalina.UserDatabase 
> class to the web service context via a <ResourceLink...>.

You probably don't want to do that (even if it's possible, which I
doubt), since all code in the webapps would then have access to the
credentials.

> I'd like to be able to authenticate users without having 
> to add a <security-constraint> to my web.xml, so that
> unauthenticated clients can still connect.

URL patterns in the <security-constraint> allow you to control which
portions of the webapp are accessible to unauthenticated users.  If you
want something with finer granularity, a filter is probably appropriate.
Take a look at:
    http://securityfilter.sourceforge.net/
for a popular one.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message