Reputation: 6181
password protected application in tomcat
I am developing a web application using(JSP + Servlet), and I have used Tomcat 7.0.33 as a web container.
So my requirement is that each application in tomcat will be password protected like the manager application in tomcat is protected.
So far I have done following:
server.xml
<Realm className="org.apache.catalina.realm.MemoryRealm" />
tomcat-users.xml
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="manager-gui"/>
<role rolename="role1" />
<user username="tomcat" password="tomcat" roles="role1,tomcat,manager-gui"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
web.xml
<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>tomcat</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>webappname</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>webappname</realm-name>
</login-config>
It works fine when anyone opens the application by application path(it asks for username & password, and application accepts either of the role1 or tomcat for authentication).
But the Issue is that suppose if I login as a user tomcat who has got all roles, and when the manager screen is shown which lists all the application deployed on the server, then if I try to open mywebapplication then it again asks for username and password.
My question is that if I have assigned all the roles to the user tomcat then why it asks for password if I have login as tomcat? is there any way to avoid this?
Thanks in advance.
Upvotes: 5
Views: 7794
Answers (1)
Reputation: 262464
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>webappname</realm-name>
</login-config>
Basic Auth credentials are organized in "Security Realms". If you give all your apps different Realm-Names, the browser will prompt for each. Try using the same name for all of them (if that is what you want).
Upvotes: 3
Related Questions
- tomcat server.xml encrypted password
- Securing password in tomcat server.xml
- Tomcat 7 - Secure a folder under webapps folder
- Secure Tomcat Webapps folder from direct user access
- How to configure tomcat web.xml and tomcat-users.xml to secure a tomcat page
- How to secure the war file deployed in tomcat server?
- How to configure tomcat-users.xml to secure a page in tomcat?
- How to deploy a java application as root in tomcat without allow access to other webapps
- Tomcat secure access
- Configure username and password on Tomcat 5.5 application