O'Reilly logo

Java Servlet & JSP Cookbook by Bruce W. Perry

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 15. Authenticating Clients

Introduction

Because of the increase in digital commerce and a corresponding rise in the need to transfer and store sensitive data (such as credit card numbers and financial accounts), security is of paramount importance to Java web applications.

This chapter’s recipes cover tasks that involve authentication, which is designed to answer the question “are you who you say you are?” Authentication usually involves an interaction between a client or user and server-side code for the purpose of checking a username and password (and sometimes a digital certificate, biometric data, or other evidence) against stored information, such as a user database.

The recipes describe how to set up Secure Sockets Layer (SSL), as well as use BASIC- and form-based authentication with Apache Tomcat. The later recipes describe how to use a powerful security framework called Java Authentication and Authorization Service (JAAS) with servlets and JSPs.

15.1. Creating Users and Passwords with Tomcat

Problem

You want to create usernames and passwords for authenticating requests for certain web components.

Solution

Add the usernames, passwords, and roles to the tomcat-users.xml file.

Discussion

A very easy method of authenticating users with Tomcat involves creating usernames, passwords, and roles in the tomcat-users.xml file. This file is stored in <Tomcat-installation-directory>/conf.

Everyone is familiar with usernames and passwords, but what are roles? Roles are logical ways ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required