You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Leon Palermo <le...@zedak.com> on 2001/04/12 16:00:26 UTC

JDBCRealms

Hello,

I have set up my database tables and the appropriate RequestInterceptor in
my server.xml file.  Can someone show me an example of what should be in the
web.xml file (including roles) to utilize the JDBCRealm?  Thanks in advance!

Leon Palermo

RE: JDBCRealms

Posted by Ricardo Gladwell <ri...@ubqtmedia.com>.

To secure you web application you need to add the following sequence to the
web.xml file for the web application you want to secure, amended for your
own needs:

	<security-constraint>

		<web-resource-collection>
			<web-resource-name>Intranet</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>

		<auth-constraint>
			<role-name>IntranetUser</role-name>
		</auth-constraint>

	</security-constraint>

	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>UBQT Media Intranet</realm-name>
	</login-config>

The <web-resource-collection> details the areas and access points of your
application you wish to secure. The <web-resource-name> *appears* to be just
an identifier for the particular web-resource, but with documentation for
this feature being very thin on the ground it's dificult to say for sure.
The <url-pattern> tag allows you to specify wildcard filters to determine
which files are to be secured. For example,
<url-pattern>/*.jsp</url-pattern> will only ask for authentication for your
JSP files. You may also add <http-method> tags to limit authentication to
specific HTTP methods, such as GET or POST. By default all HTTP methods will
be authenticated.

The <auth-constraint> specifies the authentication constraints on users. For
example, the <role-name> tags allows you to specify that only users that
members of certain roles have access.

Finally, the <login-config> group allows you specify the authentication
method (which must be either BASIC or FORM). The <realm-name> tag allows you
specify the domain/realm name that will appear in the password dialog for
the client.

Hope that was helpful, yours...

--
Ricardo Gladwell
UBQT Media PLC, Windsor
Mobile: (07779) 841 444

> -----Original Message-----
> From: Leon Palermo [mailto:leonp@zedak.com]
> Sent: 12 April 2001 15:00
> To: tomcat-user@jakarta.apache.org
> Subject: JDBCRealms
>
>
> Hello,
>
> I have set up my database tables and the appropriate RequestInterceptor in
> my server.xml file.  Can someone show me an example of what
> should be in the
> web.xml file (including roles) to utilize the JDBCRealm?  Thanks
> in advance!
>
> Leon Palermo
>