On Thu, 4 Mar 2004, Shapira, Yoav wrote:
> >Is it possible for users to define a MemoryRealm (or other associated user
> >authentication realm) in their own web.xml file with an associated
> >"users.xml" file? Or must realms be configured in the server.xml file?
>
> Not in web.xml (because Realms are tomcat-specific and not a portable
> feature), but close: in the context xml file for the webapp. See the
> Configuring a Realm section here:
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#What%20
> is%20a%20Realm?.
>
I've read the documentation, and am still having a bit of a problem that
is probably syntax related. Maybe someone knows the answer...
I have this code in the context file:
<Context path="/jas/example2" docBase="/cs/home/jas/webapps/example2" privleged="true">
<Resource name="userdb" auth="Container"
type="org.apache.catalina.UserDatabase"></Resource>
<Realm className="org.apache.catalina.realm.MemoryRealm"
path="/cs/home/jas/webapps/example2/users.xml" />
</Context>
I now want to use that MemoryRealm from my user app, so in web.xml I have:
<resource-env-ref>
<resource-env-ref-name>userdb</resource-env-ref-name>
<resource-env-ref-type>org.apache.catalina.UserDatabase</resource-env-ref-type>
</resource-env-ref>
and then: (I'm not sure if the security-role is required, or whether the
auth-constaint specified under the security-constraint is enough?)
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>testrole</role-name>
</security-role>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>testrole</role-name>
</auth-constraint>
</security-constraint>
In /cs/home/jas/webapps/example2, I created a users.xml file as follows:
<tomcat-users>
<user name="jas" password="PASS" roles="testrole" />
</tomcat-users>
When I try to access:
localhost:8080/jas/example2/servlet/HelloServlet
I do get the login box, but it doesn't respond to the username/password
combo.
Jason.
> Yoav Shapira
>
>
>
> This e-mail, including any attachments, is a confidential business communication,
> and may contain information that is confidential, proprietary and/or privileged.
> This e-mail is intended only for the individual(s) to whom it is addressed, and may
> not be saved, copied, printed, disclosed or used by anyone else. If you are not
> the(an) intended recipient, please immediately delete this e-mail from your computer
> system and notify the sender. Thank you.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
