You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Gerry Duhig <ge...@nectar.demon.co.uk> on 2001/05/30 13:00:20 UTC
Security Questions
Hi!
I have Tomcat setup, actually running with JBoss, and I am looking at security.
I can setup an application with a login-conf in web.xml, but I cannot see who or what handles that. Is it Tomcat directly, or some loaded subsystem?
In detail: In my server.xml file I have the following:
<RequestInterceptor className="org.apache.tomcat.request.AccessInterceptor" debug="0" />
What is this actually saying or doing?
I also have:
<!-- Check permissions using the simple xml file. You can
plug more advanced authentication modules.
-->
<RequestInterceptor
className="org.apache.tomcat.request.SimpleRealm"
debug="0" />
Same question! What's it for, what's it do? I don't seem to have a simple xml file, should I?
Gerry