You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Dave Naden <Da...@sas.com> on 2003/07/01 14:07:21 UTC

using Tomcat's UserDatabase realm

I'm implementing simple authentication (Tomcat 4.1.24), either BASIC or FORM-based, using the UserDataBaserealm, and tomcat's tomcat-users.xml file.  My web.xml file has <security-constraint> and <login-config> tags.  What I'm wondering is, why don't I also need to use <security-role> tags--the spec seems to imply that they are necessary, and other servlet engines seem to use them.  This makes applications non-portable from one engine to another.
Anybody know why Tomcat doesn't seem to use this tag?
Dave Naden


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org