-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Janusz,
On 9/4/14 2:30 AM, Dalecki, Janusz wrote: > -----Original Message----- From: Felix Schumacher > [mailto:felix.schumac...@internetallee.de] Sent: Thursday, 4 > September 2014 3:29 PM To: Tomcat Users List Subject: Re: web.xml > authentication and Tomcat Realm > > > >> On 4. September 2014 05:35:42 MESZ, "Dalecki, Janusz" >> <jdale...@tycoint.com> wrote: >>> Hi, I am just wondering whether somehow I can use web.xml >>> <login-config/> to point to the Tomcat JDBC Realm that I am >>> using. Are those two completely disjoint or I can link them >>> together. >> They are disjoint. >> >> web.xml is for the developer who has (almost) no knowledge of the >> context (environment) in which his application will run. >> >> context.xml (or equivalents) is the tool for the administrator to >> provide that knowledge to the application. >> > It might be silly question, but if I use web.xml login-config > element – where do I specify password? I am probably missing > something. The Realm takes care of the credentials. For a DataSourceRealm of JDBCRealm, the usernames and passwords are stored in a relational database. For other Realms, the credentials are stored in other places. For instance, if you use a MemoryRealm, the passwords are typically stored in an XML file in CATALINA_BASE/conf/tomcat-users.xml. Using a MemoryRealm isn't really a good idea for a production system for a number of reasons. (Note that using JDBCRealm will give you terrible performance: use a DataSourceRealm instead with a JNDI DataSource.) You really need to read this: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUCHEbAAoJEBzwKT+lPKRYlbsP/jPqVIkl3MhZJdmswWD5AL5y proOErqB/ytVoT2TvvwSb4oXUe0NI/BqmbCCXW7oaExljcw7Dqvtbt+PH0oW5uAu G8BXAq2IhJrfrufz1pDZzxx/zWqlQZ1xTVwlKkdYHknx/0jv4IfwUsMZNwz9OeOa uAJAckflhSPY/qI3/pD9HNoFpZoUS/UEpbmxIeSrjf7jsTJdWI+64xuFXsv6d/1D /NbYpaf+AznqpSuKogjNy/HTb6B1cl8NESJyB+umwxSn7H0bO07GX+CRAzpFpQxt Li48qkFrMMZBvTGtQEZmMw+wyOQ28gQ9lLQFs1h2QAuFCGouoW59jY96NJzSuuu1 cSFGlUNcG4m9oW0zCNlpB0/YD0IODY13QVPPSqVFJhApg6m9uG4os/jb/aMNQ8xo 6Hv6ri2xYGOCC6f/lhaOR7nSdeFEUSin+XHkF1y6xCBNmBSaZMjDbTt2xga134Fl dis1i3zEd7W+EZjiY/jerpRWMGuE9oR1g+PbYbVSnU/Ts+sjqvZflJmtgE+MdJ8a AHPcX0x+8PfPlYBs6yzm0nAHxxqiQdijzzBCwi8KZr7UQPWCtUaHIjmaljUJ+eST 9U3Ue/ePrdyiJm18p7TmfeKI+aDR8g09oadbb9fOKCUz3DyLRH7Qo9uLmBCzZOIt 3LJeFneb/hJ25+opQa7X =fCiU -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
