Hash: SHA1

Yucca Nel,

On 6/2/2010 8:27 PM, yucca...@live.co.za wrote:
> There was  a question as to why I am using a realm and application 
> based realm and I have no idea howcome people think I am not using only
> tomcat realm?

It's not that we think you're using a non-Tomcat Realm: it's that we
think you're using the /wrong/ Tomcat Realm.

See... JDBCRealm uses its own set of credentials to connect to the
database and uses a single Connection object, requiring lots of
synchronization to protect that shared resource. Basically, it's not
appropriate for production because of those two facts. Instead, we're
suggesting that you set up a DataSource and then use a DataSourceRealm
which will use a connection-per-authentication-attempt and is much more

> hibernate is not doing any security related stuff other than persisiting
> new users and thier credentials to mysql. Tomcat is only managing
> security and hibernate everything else... Hope this clears up
> discussion. :)

Is hibernate using a Tomcat-created DataSource? If not, you're making
your life harder by placing database connection configuration in several
places instead of just one.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to