Tomcat User Base

The Tomcat User Base Realm is using a JNDI resource to store user information. By default, the JNDI resource is configured in an XML file. The default file is tomcat-users.xml  in the Apache Tomcat conf folder.

We strongly recommend using this authentication approach for your test or local environment. It is easy to setup and configure. However, it is not designed to be used for large-scale production or when you have a large number of users.

The following Realm should be added in the server.xml  file in the Apache Tomcat conf folder:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>

NOTE: The Tomcat User Database Realm is used as the default. No configurations are required in the server.xml file to be able to use the Tomcat Database Realm.

The users and roles are managed in the tomcat-users.xml file in the Apache Tomcat conf folder. In this file, you can add users and roles as well as assign roles to users.

 

Example 1

 

Add the following role and user to your tomcat-users.xml file:

 

<role rolename="administrator"/>

<user username="James" password="james" roles="administrator"/>

 

By adding these two lines you have achieved the following:

 

  • Created a new role named administrator
  • Created a new user with username James and password james
  • Assigned the newly created user the role administrator

 

 

 

Example 2

 

<role rolename="admin"/>
<role rolename="designer"/>
<role rolename="user"/>
<user username="viewer" password="viewer" roles="user"/>
<user username="John" password="john" roles="user,admin"/>
<user username="Paul" password="paul" roles="user,designer"/>
<user username="Austin" password="austin" roles="user,designer,admin"/>

 

By adding these seven lines, you have achieved the following:

 

  • Created three new roles named admin, designer, user
  • For the role user, created four users:
    • With username viewer and password viewer
    • With username John and password john
    • With username Paul and password paul
    • With username Austin and password austin
  • For the role admin, created two users:
    • With username John and password john
    • With username Austin and password austin
  • For the role designer, created two users:
    • A user with username Paul and password paul
    • With username Austin and password austin

     

 

NOTE:

User Austin has both administrator and designer roles and is considered a super user.

 

A sample tomcat-users_example.xml is provided in the AltairPanopticonVisualizationServerWAR_<version
number>.zip file. You can modify or add new users and roles in this file.

 

In Panopticon 2020 and onwards, the Administrators.txt and AdministratorGroup.txt files are no longer used to authorize administrator users. The function provided by these files has been replaced by a set of properties in Panopticon.properties:

 

access.default.roles=VIEWER
access.administrator.groups=admin
access.designer.groups=designer
access.list.delimiter=,
access.viewer.groups=

 

The access.default.roles property defines the default roles assigned to any user accessing the server, defaulting to VIEWER. The administration (access.administrator.groups property) and content creation (access.designer.groups property) on the server are mapped by default to the admin and designer user groups.

 

Group sets can be added for a role, by default separated by a comma.

 

 

 

(c) 2013-2024 Altair Engineering Inc. All Rights Reserved.

Intellectual Property Rights Notice | Technical Support