You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ia...@netscape.net on 2003/04/24 11:12:36 UTC

security in server.xml

hi all,

I have been spending some time now to figure out how to do the following (without success, I would like a complete example or something...)

How do I configure Tomcat to handle form based authentication using a data-source ?

what I have so far is this:

1. configured DataSourceRealm in conf/server.xml (no probs)
2. added security in WEB-INF/web.xml (FORM based, with login-form-config)
3. have a login.jsp page, using j_username, j_password, j_security_check in the input fields

a good question is:

What happens when I submit ?
   --> Where does Tomcat find the action ?
      --> what is happening in this action ?
         --> how can I control this action ?

if the form posts to an action called 'j_security_check' then where is the implementation of this action ? I mean, how does Tomcat know to use te data-source realm ?

in case I would need to implement this action myself: how do I know what to do in case of login failure ? (throw exception or return -1 or what ?)
[I guess I don't need to do this]

I have found something about FormAuthenticator, do I need to extend this class and declare it as a Valve in server.xml ? If yes, how to associate it with my data-source ?

anyway, I am doing trial-and-error here and I really cannot find any good documentation on the subject (they all use BASIC authentication, which is not designed for serious projects - I work in PKI security so in the end I would even go for client authentication with X.509v3)

could somebody just send me an example or a brief yet complete description on how to proceed (I could not find anything useful in the mailing lists)

thanx a lot in advance
Wouter.

__________________________________________________________________
Try AOL and get 1045 hours FREE for 45 days!
http://free.aol.com/tryaolfree/index.adp?375380

Get AOL Instant Messenger 5.1 for FREE! Download Now!
http://aim.aol.com/aimnew/Aim/register.adp?promo=380455

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org