?realms in different level(Engine,Host,Webapp)?

[Jack <ja...@hotmail.com>]

"Terry Zhou" <zh...@gmail.com> wrote in message 
news:daa09eb00601200137k6e9fa75cr@mail.gmail.com...
>Tomcat does have a realm in different level(Engine,Host,Webapp)
> for security.
>Check http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
Is there anybody using this? and it works?
I guess the developers just want to go that way.

I said it doesn't work in replying him, nobody give more information.

When i use this to replace the UserDatabaserealm, everything works well.
      <Realm  className="org.apache.catalina.realm.JDBCRealm"
             driverName="com.sap.dbtech.jdbc.DriverSapDB"
          connectionURL="jdbc:sapdb://192.168.1.98/tst?unicode=true"
         connectionName="test" connectionPassword="test"
              userTable="users" userNameCol="user_name" 
userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />
when i moved it to a web-app's context.xml, and the userdatabaserealm 
enabled on engine level,
the one configued in context.xml doesn't work.
Furthermore, users defined in the engine level is available in the web-app.

Terry mentioned for security reason, i think that users defined in the 
engine level should not be available to
the web-app. Yes, the users defined in engine level should not be available 
to web-apps.
users defined in host level can be available to all its web-apps.

<Realm className="org.apache.catalina.realm.MemoryRealm"
             pathname="conf/Catalina/localhost/dusers.xml">
 </Realm>
in a specific web-app's context.xml doesn't work, either.

Thank you for reading this.

jackzhp@hotmail.com




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org