Three options:
1) Use JDBCRealm. The source and doc are on the Tomcat web site.
2) Roll your own Realm implementation. Take a look at the source code for
SimpleRealm and write what you need.
3) Ditch realms and implement your own login page, validating the user
yourself against a list of accounts you manage.
-- Bill K.
> -----Original Message-----
> From: Hamish Barney [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 19, 2001 7:56 AM
> To: '[EMAIL PROTECTED]'
> Subject: Tomcat security question
>
>
> Just hoping someone can help me deal with this question...
>
> In the application I'm developing I need to restrict access
> to a bunch of
> binary files (sound recordings). Each user should only be
> able to download
> their own files. Files and users will be added and deleted
> dynamically. The
> realm based security in Tomcat doesn't seem to support the
> security model I
> require (creating a new role for every single user and
> associating that with
> their files isn't really practical). Does anyone have an idea
> as to how
> acheive the required security within a Tomcat framework.
>
> Thanks,
> Hamish
>
