What I meant was how can I never have them see the tomcat login...I want to
validate the manually from my own code?
I have a web based app that the user must log into...I want log the user in
to tomcat once they are logged into to application.
What I meant about being asked twice was that they would be asked to login
to my app...then asked once to log into tomcat's thing..
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 04, 2000 10:27 AM
To: [EMAIL PROTECTED]
Subject: Re: formbased security
John de la Garza wrote:
> Can I manually stick the username/passwd into the server container? So the
> user is not asked? for example they log into my app...then they can
browser
> around with out being asked to 'login' again...
>
Well, that is what actually happens. Once you log on, your identity is
recognized until you exit your browser (or the server is restarted).
>
> Also can I keep the user/passwd list in a database instead of the
> tomcatusers.xml file?
>
There are comments in the "conf/server.xml" file illustrating how you can
replace the SimpleRealm interceptor (that processes "conf/tomcat-users.xml")
with one that uses JDBC to access a database. Examples of configuration for
several different databases are included.
Craig McClanahan
