I am working on a Java application for a while. I primarily work on .NET Platform. Although I feel lot of concepts are common between these two platforms but there are few areas where I am finding some issues related to the configuration.
I am working on Authentication and Authorization and thought I would get something similar to Membership APIs of .NET in JAVA. Closest which I got was using j_security_check. I also got to know about JAAS but think it is little too deep for me to dive into.
I have created the user and role tables in the database and now I have to specify the JDBC Realm settings somewhere. I am using Tomcat 7.0. In most places, it’s mentioned that I need to specify the realm setting in the server.xml.But wouldn’t that apply to all web application deployed on that server since it would become a server level configuration ?.
On a site I even saw a developer mentioning about context.xml but again can’t see a standard document that mention about using this XML file for setting JDBC realm
In.NET, We always put Membership settings at the web.config level and not Machine.config.
Totally Confused on this. Looking for some light on this.
This is not true, you can define it in your webapp as well, but then only in a servletcontainer-specific configuration file, such as
/META-INF/context.xmlin case of Tomcat. It cannot be definied in/WEB-INF/web.xmlbecause it’s specific to the standard Servlet API, not the servletcontainer implementation.That’s correct. This is not recommended if you have no control over the server or if you don’t want to publish the realm through other webapps.
You can specify it in webapp’s
/META-INF/context.xml. See also Tomcat’s own documentation on the<Context>element:(emphasis is not mine, it is already as such in Tomcat’s documentation)