This document describes how to configure Tomcat to support container
managed security, by connecting to an existing "database" of usernames,
passwords, and user roles. You only need to care about this if you are using
a web application that includes one or more
<security-constraint> elements, and a
<login-config> element defining how users are required
to authenticate themselves. If you are not utilizing these features, you can
safely skip this document.
For fundamental background information about container managed security,
see the Servlet
Specification (Version 2.4), Section 12.
For information about utilizing the Single Sign On feature of
Tomcat (allowing a user to authenticate themselves once across the entire
set of web applications associated with a virtual host), see