You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Dave Naden <Da...@sas.com> on 2003/07/01 14:07:21 UTC
using Tomcat's UserDatabase realm
I'm implementing simple authentication (Tomcat 4.1.24), either BASIC or FORM-based, using the UserDataBaserealm, and tomcat's tomcat-users.xml file. My web.xml file has <security-constraint> and <login-config> tags. What I'm wondering is, why don't I also need to use <security-role> tags--the spec seems to imply that they are necessary, and other servlet engines seem to use them. This makes applications non-portable from one engine to another.
Anybody know why Tomcat doesn't seem to use this tag?
Dave Naden
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org