Chapter 13: Securing Struts Applications

A principal is an entity that can be either an individual or an organization. A role is an abstract grouping of users; think of a role as a position. Vera, Chuck and Dave are users. Administrator, Director, Manager and Programmer are roles. A user can be in no role or in many roles. For example, Vera can be in the Manager and Programmer roles, Chuck can be in the Administrator role, and so on.
Every servlet container provides its own mechanism for managing users and roles. Consult the documentation that accompanies your servlet container for details.
In Tomcat, for example, you do this by editing the tomcat-users.xml file under the conf directory of the deployment directory. Here is an example of the tomcat-users.xml file.
```xml
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="vera" password="arev" roles="manager"/>
  <user username="chuck" password="chuck" roles="admin"/>
  <user username="dave" password="secret" roles="manager,admin"/>
</tomcat-users>
```
The file says that there are two roles (admin and manager) and three users (vera, chuck, and dave). You can add as many roles and users as you want to the tomcat-users.xml file.
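The sample file above keeps each password in clear text next to the roles it unlocks, so it can be reviewed mechanically. The following audit script is an added example, not code from the book or from Tomcat; the names `audit`, `local` and `COMMON_PASSWORDS` and the short deny-list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the tomcat-users.xml shown on this page.
SAMPLE = """<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="vera" password="arev" roles="manager"/>
  <user username="chuck" password="chuck" roles="admin"/>
  <user username="dave" password="secret" roles="manager,admin"/>
</tomcat-users>"""

# Assumption: a tiny illustrative deny-list; use a real one in practice.
COMMON_PASSWORDS = {"secret", "password", "admin", "tomcat", "changeit"}


def local(tag):
    """Strip an XML namespace, since newer tomcat-users.xml files declare one."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (roles_by_user, findings) for a tomcat-users.xml document."""
    root = ET.fromstring(xml_text)
    declared = {e.get("rolename") for e in root if local(e.tag) == "role"}
    roles_by_user, findings = {}, []
    for e in root:
        if local(e.tag) != "user":
            continue
        name = e.get("username", "")
        pw = e.get("password", "")
        # The roles attribute is a comma-separated list of role names.
        roles = {r.strip() for r in e.get("roles", "").split(",") if r.strip()}
        roles_by_user[name] = roles
        for r in sorted(roles - declared):  # possible typo in a role name
            findings.append((name, f"undeclared role '{r}'"))
        if pw.lower() in (name.lower(), name.lower()[::-1]):
            findings.append((name, "password derived from username"))
        elif pw.lower() in COMMON_PASSWORDS:
            findings.append((name, "password on common-password list"))
    return roles_by_user, findings


if __name__ == "__main__":
    users, issues = audit(SAMPLE)
    for user, roles in users.items():
        print(user, sorted(roles))
    for user, issue in issues:
        print("FINDING", user, issue)
```

Run against the sample, it reports a finding for all three users, including dave, who holds both the manager and admin roles.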