isUserInRole Question
Hi All. I've read a chapter on this in a book I have and in the book when you submit the form and the j_security_check action is performed tomcat looks up the tomcat-users.xml file for the users there and authenticates against those. I would like to use this security mechanism but not store the users in an xml file i would like to have them in the database and compare the entered username and password with the values loaded from the database. So how can i overide tomcat to compare the values entered with the values from the database. I know i could use a servlet as the action for the form and in that servlet do the comparisons but if there is a better way i would like to hear about it. Also when i load up my users from the database what kind of object should i create so that i can call isUserInRole correctly. because all i will have is a string username and password. How will i get tomcat to recognise this as a user? Can anyone point me in the right direction.
