-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yucca Nel,
On 6/2/2010 8:27 PM, yuccanel@live.co.za wrote:
> There was a question as to why I am using a realm and application
> based realm and I have no idea howcome people think I am not using only
> tomcat realm?
It's not that we think you're using a non-Tomcat Realm: it's that we
think you're using the /wrong/ Tomcat Realm.
See... JDBCRealm uses its own set of credentials to connect to the
database and uses a single Connection object, requiring lots of
synchronization to protect that shared resource. Basically, it's not
appropriate for production because of those two facts. Instead, we're
suggesting that you set up a DataSource and then use a DataSourceRealm
which will use a connection-per-authentication-attempt and is much more
high-performance.
> hibernate is not doing any security related stuff other than persisiting
> new users and thier credentials to mysql. Tomcat is only managing
> security and hibernate everything else... Hope this clears up
> discussion. :)
Is hibernate using a Tomcat-created DataSource? If not, you're making
your life harder by placing database connection configuration in several
places instead of just one.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkwGW8IACgkQ9CaO5/Lv0PALlwCgwejhODA7bB92UMEbgpIPGb8R
3RoAn3BXDzQWZ5497EKzaSP1W84Mtqu2
=zCtF
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|