CODEWITHSUNDEEP
securityweb-applicationstomcatweb.xmltomcat5.5
tinti
tinti

Reputation: 1475

Configure username and password on Tomcat 5.5 application

I have a Tomcat 5.5 server and i deploy a application on it. I have something like this http://tocatServer:8088/MyApp I want to limit the acces of users at this address by putting an username and password, but i need help. I know that i must add roles on web.xml, i try it but without success. If possible i want to send the URL like this http://username:password@tocatServer:8088/MyApp This url is sent from a java swing application for getting license from the serlet Thanks

Upvotes: 1

Views: 643

Answers (1)

bluish
bluish

Reputation: 27282

To restrict the access to a webapp (or to a folder in the webapp URL) in Tomcat:

in webapps/MyApp/WEB-INF/web.xml add

<security-constraint>
    <web-resource-collection>
        <web-resource-name>
            Entire webapp
        </web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>member</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <!-- pay attention: BASIC in insecure, use it only for test, search for a more secure method -->
    <auth-method>BASIC</auth-method>
    <realm-name>Text reported when prompting the user for un and pw</realm-name>
</login-config>

and in conf/tomcat-users.xml add

<role rolename="member"/>
<user username="bubi" password="bubi" roles="member"/>

Then reload the webapp and maybe restart Tomcat too.

Source: O'Reilly's Top Ten Tomcat Configuration Tips - 5. Configuring Basic Authentication

About the second question, I don't know how to realize it.

Upvotes: 2

Related Questions