Configuring Security Domains in Tomcat (overview)

Source: Internet
Author: User

A security domain is a mechanism used by Tomcat servers to protect Web application resources, where security authentication information can be configured, that is, user and user and role mapping relationships, each user can have one or more roles, and each role limits the Web resources available for access

It consists of the following four types

1 Memory domains Memoryrealm read security validation information from XML and store them in memory as a set of objects

2 JDBC Domain Jdbcrealm access to security authentication information stored in the database through JDBC driver

3 Data source domain Datasoucerealm access to security information in a database through a JNDI data source

4Jndi domain Jndirealm access to security authentication information in an LDAP-based directory server via Jndi provider

The configuration process has the following 2 parts

1 Setting security constraints for Web resources

(1) Adding <sercurity-constraint> elements to the web.xml, restricting the file types to be filtered

(2) Add <logiin-config> tomcat in the Web support three authentication methods, 1 Basic authentication, 2 digest validation 3 based on form verification

Summary validation is actually a method of encrypting the first method, and form verification is done by its own Longin page implementation

(3) Add <security-role> elements in Web.xml to specify the names of all the characters of the hand

2 in Conf/server. The XML configures realm, which specifies the class name of the security domain and the associated attributes.

It should be noted that the memory domain is to store user and role data in Tomcat-users.xml

After 2 kinds are stored in the database, especially when the configuration data source domain, must put the datasource stored in the "globalnamingresouces" label, otherwise, although the normal use but do not access to the database validation, can not verify the success

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.