Created attachment 30841 [details] Patch DataSourceRealm may use global or local JNDI registry to look for resources, but UserDatabaseRealm can use only global resources. Tomcat has implemented authentication users agains XML file, and I wanted to use that feature for my application. The problem is that thr file with users must be registered in global Tomcat configuration file, but I wanted to have the file managed by application, not a server. Then I modified a class UserDatabaseRealm in similar manner as DataSourceRealm is implemented. I also updated a documentation. Class MBeanUtils is modified to avoid error on shutdown. Patch is constructed against revision 93bcdde55f62c6598f0dde9de2a575705e6b5abb (origin/trunk) I could attach application for patch verification, but it seems to me that only one attachement is allowed. However, main idea is allow the following configuration in application META-INF/context.xml file: <Context> <Resource name="MyUserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/example-users.xml" /> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="MyUserDatabase" localDataSource="true"/> </Context>
Created attachment 30842 [details] sample XML file with user definition
Created attachment 30843 [details] sample application
Proposed test: 1. Copy the sample XML file to $(TOMCAT)/conf directory and name it example-users.xml 2. Deploy sample application and try to open. If everything is OK, browser ask you for username and password and only q/qq will be accepted, as defined is sample XML file
After all this time, and the various refactorings, the proposed patch needed quite a few changes. I ended up using the DataSourcRealm as a base instead but this is now implemented. Fixed in: - master for 10.0.0-M10 onwards - 9.0.x for 9.0.40 onwards - 8.5.x for 8.5.60 onwards