Posted to users@tomcat.apache.org by Hao Jiang <hj...@ist.psu.edu> on 2007/06/28 20:20:10 UTC

Entry level help needed

Hi there,
I am a new Tomcat user. Currently I am using Tomcat 5.
My question is this. If I want to develop a servlet of my own which handles user management in the basic authentication model, such as add user, add role, etc., how can I do this in my own servlet? For example, should I get a tomcat server instance?
 
thank you very much,
Hao
 

Re: Entry level help needed

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Hao,

Hao Jiang wrote:
> If I want to develop a servlet of my own which handles user
> management in the basic authentication model, such as add user, add role,
> etc., how can I do this in my own servlet?

Do you want to write a single servlet that /configures/ users and roles
to be used with Tomcat's built-in container-managed authentication and
authorization? Or, do you want to use your own authentication and
authorization mechanism?

It sounds like you want to write your own configuration mechanism.

> For example, should I get a tomcat server instance?

The concept of a "tomcat server instance" is sort of an odd one. I don't
believe that you need to "get" something like this.

Using BASIC authentication just means that you are using
WWW-Authenticate messages to send credentials between the client and the
server. You can use any back-end authentication mechanism that you want
(database, flat file, JNDI, etc.).

You can configure the back-end authentication mechanism in many ways.
One of the easiest is a relational database. Once Tomcat is configured
to use your database for authentication, you simply have to write a
servlet that can update the proper tables (usually 'user', and
'user_role') as appropriate.

You don't need to do anything Tomcat-specific in order to manipulate
this configuration. Just use standard SQL queries to INSERT, UPDATE, or
DELETE the appropriate records. Just remember that most application
servers (including Tomcat) only perform authentication once per login.
If the user's roles change, the user must re-login to get the new roles.

-chris

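An added illustration of the approach described in the reply above (not code from the thread or from Tomcat): a helper that a user-management servlet could call to insert a user and a role with parameterized statements in a single transaction. The class name `RealmUserStore`, the column names (`user_name`, `user_pass`, `role_name`) and the assumption that the realm stores hex-encoded password digests are hypothetical and must match your own realm configuration.

```java
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/** Added example: writes to the tables a Tomcat database realm reads at login. */
public class RealmUserStore {
    // Assumed schema, using the table names from the reply above:
    //   user(user_name PRIMARY KEY, user_pass)   user_role(user_name, role_name)
    private static final String ADD_USER =
        "INSERT INTO user (user_name, user_pass) VALUES (?, ?)";
    private static final String ADD_ROLE =
        "INSERT INTO user_role (user_name, role_name) VALUES (?, ?)";

    /** Hex digest of the password. The algorithm must be the one the realm is
     *  configured with; the byte encoding (UTF-8 here) is an assumption. */
    static String digest(String password, String algorithm) throws Exception {
        byte[] hash = MessageDigest.getInstance(algorithm).digest(password.getBytes("UTF-8"));
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** Inserts both rows atomically so a user never exists without its role. */
    public static void addUser(Connection con, String user, String password,
                               String role, String algorithm) throws Exception {
        // Allow-list the names; values still travel only as bound parameters.
        if (!user.matches("[A-Za-z0-9_.-]{1,64}") || !role.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IllegalArgumentException("invalid user or role name");
        }
        boolean oldAutoCommit = con.getAutoCommit();
        con.setAutoCommit(false);
        try (PreparedStatement u = con.prepareStatement(ADD_USER);
             PreparedStatement r = con.prepareStatement(ADD_ROLE)) {
            u.setString(1, user);
            u.setString(2, digest(password, algorithm));
            u.executeUpdate();
            r.setString(1, user);
            r.setString(2, role);
            r.executeUpdate();
            con.commit();
        } catch (SQLException e) {
            con.rollback();   // leave no half-created account behind
            throw e;
        } finally {
            con.setAutoCommit(oldAutoCommit);
        }
    }
}
```

A servlet calling `addUser` from `doPost` should itself sit behind a security constraint or check `request.isUserInRole(...)` first, since anyone who can reach it can create accounts. As the reply notes, role changes made this way take effect only at the affected user's next login.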