Following on from Setting up role based security in tomcat, we now switch from using a memory realm to one backed by a database. Memory realms are great for testing, but in any real application one would probably not be acceptable. Normally user credentials are stored in a database, so for this purpose there is a realm based on a datasource. Depending on your view of things, you will either edit server.
Following on from Setting up role based security in tomcat, we now look at accessing the realm security information from code. Although Tomcat takes care of authenticating users at the right time, there are still times when we need to access the credential information programmatically. For example, the following snippet from userProfile.jsp is a mixed-mode page, in that anyone can view the page, but users with the manager role see more information.
Tomcat and most other Java JEE servers support role based security, form based authentication and SSL. These technologies are integrated into your web application declaratively. At first the configuration for this security can look a little daunting, but once understood it is actually not difficult to configure. This article is split over several pages and requires an understanding of Tomcat and how a JEE webapp is structured. Most of the article is oriented towards Tomcat, but if you use another application server, many of the concepts are the same.