tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: [OT] Re: problems at
Date Wed, 02 Jun 2010 13:25:22 GMT
Hash: SHA1

Yucca Nel,

On 6/2/2010 8:27 PM, wrote:
> There was  a question as to why I am using a realm and application 
> based realm and I have no idea howcome people think I am not using only
> tomcat realm?

It's not that we think you're using a non-Tomcat Realm: it's that we
think you're using the /wrong/ Tomcat Realm.

See... JDBCRealm uses its own set of credentials to connect to the
database and uses a single Connection object, requiring lots of
synchronization to protect that shared resource. Basically, it's not
appropriate for production because of those two facts. Instead, we're
suggesting that you set up a DataSource and then use a DataSourceRealm
which will use a connection-per-authentication-attempt and is much more

> hibernate is not doing any security related stuff other than persisiting
> new users and thier credentials to mysql. Tomcat is only managing
> security and hibernate everything else... Hope this clears up
> discussion. :)

Is hibernate using a Tomcat-created DataSource? If not, you're making
your life harder by placing database connection configuration in several
places instead of just one.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message