On 05/06/2019 07:14, Karen Goh wrote: > Hi, > > I am trying to do JASPIC follows by JACC using Java Servlet and JSP and maybe > REST with PostgresQL > > https://www.byteslounge.com/tutorials/jaas-authentication-in-tomcat-example > > However, I have difficulty in locating the $Catablina_base in the external > tomcat server I am using in Eclipse. > > Also, I went to check out the hosting company side, I can't find > Catalina_base at all also.
For an explanation of $CATALINA_BASE http://tomcat.apache.org/tomcat-9.0-doc/RUNNING.txt Unless you have deliberately split them $CATALINA_BASE == $CATALINA_HOME Generally, $CATALINA_BASE/conf is where you will find your server.xml file. > I hope someone can tell me exactly where to put the jaas.config file for the > JAAS to work. > > Another thing is about JASPIC. > > I can't find alot of tutorial regarding JASPIC. It isn't that widely used. It has potential but hasn't really caught on. > There is this guy Arjan Tijms which poses quite a fair bit of infor but I > guess my Java skills is still not good enough to understand the mechanism of > how things work. > > I am currently testing things out using Tomcat 9.0.4. I'd strongly recommend you update to the latest 9.0.x release. > And how does JASPIC + JACC fit into the scheme of salt based password > verification. > > Hope someone can give me some hints how to go about securely password the > simplest possible way based on JASPIC and JACC. Thanks. Why use JASPIC and JACC. Note Tomcat doesn't provide a JACC implementation. Perhaps take a step back. Describe the problem you are trying to solve and maybe we can provide some pointers on how to best solve it with Tomcat. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org