Hi,
I have been working over the summer to create a very simple login page that just has the userName and the Password and all what I did is that this page printes the information entered in a new page. I have successfully done this part. My second project is to do users' roles like to eliminate what guests can see and change vs the manager who can do anything and make any changes. This is not a HW so I am not worried about posting my code as there is no cheating going on here: Here is what I have in my web.xml

<security-constraint>
        <web-resource-collection>
            <web-resource-name>
               SecuredBookSite
            </web-resource-name>
            <url-pattern>/secured/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>
            Let only managers use this app
            </description>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
       <role-name>manager</role-name>
    </security-role>
    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>

And here is the change I made to my tomcat-users file:

<tomcat-users>

<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="secret" roles="admin,manager"/>

</tomcat-users>

I would be so thankful for any advice as my summer is ending and I want to make sure I get to learn something out of it. Thanks

ehm .... if it is to have roles in your personal application, it has nothing to do with tomcat-users or the tomcat config.

you have to define roles in your db and application, not in your server.

This page describes the term JSP and lists other pages on the Web where you can find additional informationThe post is very informative. It is a pleasure reading it. I have also bookmarked you for checking out new posts.

estetik23:

when recommending a link, don't forget to add the link to your post.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.