How a server determines which users are in which roles and
how it stores user passwords is completely system dependent. See Section 3.1
(Form-Based Authentication) for the details on the approach used by Tomcat.
For example, by default Tomcat uses install_dir/conf/tomcat-users.xml to
associate usernames with role names and passwords, as in the following example
that designates users joe (with password bigshot) and jane (with password
enaj) as belonging to the administrator and/or kahuna roles.
<tomcat-users>
  <user name="joe" password="bigshot" roles="administrator,kahuna" />
  <user name="jane" password="enaj" roles="kahuna" />
</tomcat-users>
Core Warning
Container-managed security requires a significant server-specific
component. In particular, you must use nonportable methods to
associate passwords with usernames and to map usernames to role
names.
user-data-constraint
This optional element indicates which transport-level protections should
be used when the associated resource is accessed. It must contain a
transport-guarantee subelement (with legal values NONE, INTEGRAL,
or CONFIDENTIAL) and may optionally contain a description element. A
value of NONE (the default) for transport-guarantee puts no restrictions
on the communication protocol used. A value of INTEGRAL means that the
communication must be of a variety that prevents data from being changed in
transit without detection.
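
The following check is an added example, not code from the book or from Tomcat. It reads a deployment descriptor and reports each security-constraint that restricts access by role but leaves transport-guarantee at NONE, either explicitly or by omitting user-data-constraint. The function name audit_transport, the URL patterns, and the sample descriptor are constructed for illustration; the role names reuse those in the tomcat-users.xml example above.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: the first constraint checks the role only,
# the second also sets a transport-guarantee.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>administrator</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Accounts</web-resource-name>
      <url-pattern>/accounts/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>kahuna</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

LEGAL = {"NONE", "INTEGRAL", "CONFIDENTIAL"}

def local(tag):
    """Drop a '{namespace}' prefix so namespaced descriptors also match."""
    return tag.rsplit("}", 1)[-1]

def audit_transport(web_xml_text):
    """Return one (url_pattern, guarantee, finding) tuple per constrained URL pattern."""
    results = []
    for sc in ET.fromstring(web_xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        found = {}
        for e in sc.iter():
            found.setdefault(local(e.tag), []).append((e.text or "").strip())
        # A missing user-data-constraint behaves like NONE, the default.
        guarantee = (found.get("transport-guarantee") or ["NONE"])[0]
        if guarantee not in LEGAL:
            finding = "invalid transport-guarantee value"
        elif guarantee == "NONE" and "auth-constraint" in found:
            finding = "role-protected resource with no transport protection"
        else:
            finding = "ok"
        results += [(p, guarantee, finding) for p in found.get("url-pattern", [])]
    return results

if __name__ == "__main__":
    for row in audit_transport(SAMPLE_WEB_XML):
        print(row)
```

A constraint flagged this way lets the login credentials and the protected pages travel over plain HTTP.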