You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Gerry Duhig <ge...@nectar.demon.co.uk> on 2001/05/30 13:00:20 UTC

Security Questions

Hi!

I have Tomcat setup, actually running with JBoss, and I am looking at security.

I can setup an application with a login-conf in web.xml, but I cannot see who or what handles that. Is it Tomcat directly, or some loaded subsystem?

In detail: In my server.xml file I have the following:

        <RequestInterceptor className="org.apache.tomcat.request.AccessInterceptor"  debug="0" />

What is this actually saying or doing?

I also have:

        <!-- Check permissions using the simple xml file. You can 
             plug more advanced authentication modules.
          -->
        <RequestInterceptor 
            className="org.apache.tomcat.request.SimpleRealm" 
            debug="0" />
  
Same question! What's it for, what's it do? I don't seem to have a simple xml file, should I?

Gerry