[rules-users] User Security with guvnor 5.4 and Tomcat 6.0.36

Hi, I have searched extensively for any answers, but have obviously not been looking in the right places. Tomcat is my app server: it should define the users. This is no problem: since it is a small application we want to define our users in tomcat-users.xml, using the UserDatabaseRealm (in preference to MemoryRealm). JAAS or other options are overkill for us. Now, what should I do on the guvnor side? I understand I should be looking at the WEB-INF/beans.xml config file. I can't find much documentation on the contents of this file in general, and nothing specific that seems to help me. A lot of the advice out there seems JBoss AS specific or precedes the move in 5.4 to beans.xml. But, I understand that tomcat in this setting is not supplying a JAAS context, which seemed to be the most likely option. Do I need to implement a version of org.drools.guvnor.server.security.DemoAuthenticator? Is that our only option? Hasn't someone done this before? What would you do in this situation? Any assistance would be greatly appreciated. Thanks, Pete -- View this message in context: http://drools.46999.n3.nabble.com/User-Security-with-guvnor-5-4-and-Tomca... Sent from the Drools: User forum mailing list archive at Nabble.com.