Tomcat User Base

The Tomcat User Base Realm is using a JNDI resource to store user information. By default, the JNDI resource is configured in an XML file. The default file is tomcat-users.xml  in the Apache Tomcat conf folder.

We strongly recommend using this authentication approach for your test or local environment. It is easy to setup and configure. However, it is not designed to be used for large-scale production or when you have a large number of users.

The following Realm should added in the server.xml  file in the Apache Tomcat conf folder:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>

NOTE	The Tomcat User Database Realm is used as the default. No configurations are required in the server.xml  file to be able to use the Tomcat Database Realm.

 

The users and roles are managed in the tomcat-users.xml file in the Apache Tomcat conf folder. In this file, you can add users and roles as well as assign roles to users.

 Example 1

Add the following role and user to your tomcat-users.xml  file:

<role rolename="administrator"/>
<user username="James" password="james" roles="administrator"/>

By adding these two lines you have achieved the following:

q  Created a new role named administrator

q  Created a new user with username James and password james

q  Assigned the newly created user the role administrator

Example 2

<role rolename="admin"/>

<role rolename="designer"/>

<role rolename="user"/>

<user username="viewer" password="viewer" roles="user"/>

<user username="John" password="john" roles="user,admin"/>

<user username="Paul" password="paul" roles="user,designer"/>

<user username="Austin" password="austin" roles="user,designer,admin"/>

 

By adding these seven lines, you have achieved the following:

q  Created three new roles named admin, designer, user

q  For the role user, created four users:

·         with username viewer and password viewer

·         with username John and password john

·         with username Paul and password paul

·         with username Austin and password austin

q  For the role admin, created two users:

·         with username John and password john

·         with username Austin and password austin

q  For the role designer, created two users:

·         a user with username Paul and password paul

·         with username Austin and password austin

 

NOTE

User Austin has both administrator and designer roles and is considered a super user. A sample tomcat-users_example.xml is provided in the AltairPanopticonVisualizationServerWAR_<version number>.zip file. You can modify or add new users and roles in this file. In Panopticon 2020.0 and onwards, the Administrators.txt and AdministratorGroup.txt files are no longer used to authorize administrator users. The function provided by these files has been replaced by a set of properties in Panopticon.properties: access.default.roles=VIEWER access.administrator.groups=admin access.designer.groups=designer access.list.delimiter=, access.viewer.groups= The access.default.roles property defines the default roles assigned to any user accessing the server, defaulting to VIEWER. The administration (access.administrator.groups property) and content creation (access.designer.groups property) on the server are mapped by default to the admin and designer user groups. Group sets can be added for a role, by default separated by a comma.