how to skip http basic authentication in tomcat?

Question

I have a url with login page.I am using apache tomcat in CentOS. I have also few rest API's to manipulate the data.

I have configured basic http authentication, but when I access the url through browser, it uses basic authentication and I have to provide login id/password as well.

I just want this http basic authentication when I use API say through some rest client. If I try to access the url from browser, i want to skip this basic authentication.

Is there any way to achieve this?

Answer 1

I assume that when you use a rest client you call a rest web service.

In your web.xml you should have a section with security-constraint

In this section in the url-pattern put the rest page that you want to secure. Do not put there the pages that you do not want to secure.

i.e

if you have something like this

<security-constraint>
         <display-name>SecurityConstraintExample</display-name>
        <web-resource-collection>
              <web-resource-name>WebResource</web-resource-name>
             <url-pattern>/*</url-pattern>
     </web-resource-collection>
        <auth-constraint>
              <role-name>loginUser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
   </security-constraint>

change it to (assuming tha the path is rest/orders for the web serice)

 <security-constraint>
         <display-name>SecurityConstraintExample</display-name>
        <web-resource-collection>
              <web-resource-name>WebResource</web-resource-name>
             <url-pattern>/rest/orders</url-pattern>
     </web-resource-collection>
        <auth-constraint>
              <role-name>loginUser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
   </security-constraint>