type="org.apache.catalina.UserDatabase"
description="Userdatabasethatcanbeupdatedandsaved">
factory
org.apache.catalina.users.MemoryUserDatabaseFactory
pathname
conf/tomcat-users.xml
--A"Service"isacollectionofoneormore"Connectors"thatshare
asingle"Container"(andthereforethewebapplicationsvisible
withinthatContainer).Normally,thatContainerisan"Engine",
butthisisnotrequired.
Note:
A"Service"isnotitselfa"Container",soyoumaynot
definesubcomponentssuchas"Valves"or"Loggers"atthislevel.
-->
--DefinetheTomcatStand-AloneService-->
--A"Connector"representsanendpointbywhichrequestsarereceived
andresponsesarereturned.EachConnectorpassesrequestsontothe
associated"Container"(normallyanEngine)forprocessing.
Bydefault,anon-SSLHTTP/1.1Connectorisestablishedonport8080.
YoucanalsoenableanSSLHTTP/1.1Connectoronport8443by
followingtheinstructionsbelowanduncommentingthesecondConnector
entry.SSLsupportrequiresthefollowingsteps(seetheSSLConfig
HOWTOintheTomcat4.0documentationbundleformoredetailed
instructions):
*DownloadandinstallJSSE1.0.2orlater,andputtheJARfiles
into"$JAVA_HOME/jre/lib/ext".
*Execute:
%JAVA_HOME%\bin\keytool-genkey-aliastomcat-keyalgRSA(Windows)
$JAVA_HOME/bin/keytool-genkey-aliastomcat-keyalgRSA(Unix)
withapasswordvalueof"changeit"forboththecertificateand
thekeystoreitself.
Bydefault,DNSlookupsareenabledwhenawebapplicationcalls
request.getRemoteHost().Thiscanhaveanadverseimpacton
performance,soyoucandisableitbysettingthe
"enableLookups"attributeto"false".WhenDNSlookupsaredisabled,
request.getRemoteHost()willreturntheStringversionofthe
IPaddressoftheremoteclient.
-->
--Defineanon-SSLCoyoteHTTP/1.1Connectoronport8081-->
port="8080"minProcessors="5"maxProcessors="75"
enableLookups="true"redirectPort="8443"
acceptCount="100"debug="0"connectionTimeout="20000"
useURIValidationHack="false"disableUploadTimeout="true"/>
--Note:
Todisableconnectiontimeouts,setconnectionTimeoutvalue
to0-->
--DefineaSSLCoyoteHTTP/1.1Connectoronport8443-->
--
port="8443"minProcessors="5"maxProcessors="75"
enableLookups="true"
acceptCount="100"debug="0"scheme="https"secure="true"
useURIValidationHack="false"disableUploadTimeout="true">
clientAuth="false"protocol="TLS"/>
-->
--DefineaCoyote/JK2AJP1.3Connectoronport8009-->
port="8009"minProcessors="5"maxProcessors="75"
enableLookups="true"redirectPort="8443"
acceptCount="10"debug="0"connectionTimeout="20000"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
--DefineanAJP1.3Connectoronport8009-->
--
port="8009"minProcessors="5"maxProcessors="75"
acceptCount="10"debug="0"/>
-->
--DefineaProxiedHTTP/1.1Connectoronport8082-->
--Seeproxydocumentationformoreinformationaboutusingthis.-->
--
port="8082"minProcessors="5"maxProcessors="75"
enableLookups="true"disableUploadTimeout="true"
acceptCount="100"debug="0"connectionTimeout="20000"
proxyPort="80"useURIValidationHack="false"/>
-->
--Defineanon-SSLlegacyHTTP/1.1TestConnectoronport8083-->
--
port="8083"minProcessors="5"maxProcessors="75"
enableLookups="true"redirectPort="8443"
acceptCount="10"debug="0"/>
-->
--Defineanon-SSLHTTP/1.0TestConnectoronport8084-->
--
port="8084"minProcessors="5"maxProcessors="75"
enableLookups="true"redirectPort="8443"
acceptCount="10"debug="0"/>
-->
--AnEnginerepresentstheentrypoint(withinCatalina)thatprocesses
everyrequest.TheEngineimplementationforTomcatstandalone
analyzestheHTTPheadersincludedwiththerequest,andpassesthem
ontotheappropriateHost(virtualhost).-->
--Definethetoplevelcontainerinourcontainerhierarchy-->
--Therequestdumpervalvedumpsusefuldebugginginformationabout
therequestheadersandcookiesthatwerereceived,andtheresponse
headersandcookiesthatweresent,forallrequestsreceivedby
thisinstanceofTomcat.Ifyoucareonlyaboutrequeststoa
particularvirtualhost,oraparticularapplication,nestthis
elementinsidethecorrespondingorentryinstead.
ForasimilarmechanismthatisportabletoallServlet2.3
containers,checkoutthe"RequestDumperFilter"Filterinthe
exampleapplication(thesourceforthisfiltermaybefoundin
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
Requestdumpingisdisabledbydefault.Uncommentthefollowing
elementtoenableit.-->
--
-->
--Globalloggerunlessoverriddenatlowerlevels-->
prefix="catalina_log."suffix=".txt"
timestamp="true"/>
--BecausethisRealmishere,aninstancewillbesharedglobally-->
--ThisRealmusestheUserDatabaseconfiguredintheglobalJNDI
resourcesunderthekey"UserDatabase".Anyedits
thatareperformedagainstthisUserDatabaseareimmediately
availableforusebytheRealm.-->
debug="0"resourceName="UserDatabase"/>
--Commentouttheoldrealmbutleaveherefornowincasewe
needtogobackquickly-->
--
-->
--ReplacetheaboveRealmwithoneofthefollowingtogetaRealm
storedinadatabaseandaccessedviaJDBC-->
--
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:
mysql:
//localhost/authority"
connectionName="test"connectionPassword="test"
userTable="users"userNameCol="user_name"userCredCol="user_pass"
userRoleTable="user_roles"roleNameCol="role_name"/>
-->
--
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:
oracle:
thin:
@ntserver:
1521:
ORCL"
connectionName="scott"connectionPassword="tiger"
userTable="users"userNameCol="user_name"userCredCol="user_pass"
userRoleTable="user_roles"roleNameCol="role_name"/>
-->
--
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:
odbc:
CATALINA"
userTable="users"userNameCol="user_name"userCredCol="user_pass"
userRoleTable="user_roles"roleNameCol="role_name"/>
-->
--Definethedefaultvirtualhost-->
unpackWARs="true"autoDeploy="true">
--Normally,usersmustauthenticatethemselvestoeachwebapp
individually.Uncommentthefollowingentryifyouwouldlike
ausertobeauthenticatedthefirsttimetheyencountera
resourceprotectedbyasecurityconstraint,