Reputation: 15
tomcat 7 web.xml hierarchy - users and roles - java servlet
I'm trying to get familiar with TomEE, or at least TomCat 7 that is used in an older application I'm currently working.
In the tomcat location there is a web.xml. As far as I understood this is used for all servlets that have no own web.xml, right? Or will this be also used for those servlets that have an own one?
Not sure about the hierachy of this configuration files.
Tried to get a basic authentication working for a module that can be assigned by a url like \localhost:8080\AB The tomcat-users for \localhost:8080\manager is working fine. But can't get an login for \localhost:8080\AB
I tried modify the web.xml like:
<security-role> <role-name>users</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>basic demo resource</web-resource-name> <url-pattern>\AB\*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>users</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config>
But still no login is required for accessing this servlet.
Than I found out, that there is another web.xml in this Java project, which I also tried to modify with the code above. I know I'm doing something wrong, but don't get what it is right now.
The role "users" was created in tomcat-users.xml and a user is also assigned to that group.
Upvotes: 0
Views: 1206
Answers (2)
Reputation: 9651
The web.xml in the tomcat directory contains the default settings. A webapp can override definitions in its own web.xml.
To access to /AB you need:
- to use FORWARD slashes:
<url-pattern>/AB/*</url-pattern> - to have a user with role
usersin your user database - to enter the username and password in the login popup dialog.
Upvotes: 0
Reputation: 615
You have define only security constraint not roles. You need to define tomcat user and crossponding roles like.
<tomcat-users>
<role rolename="AB"/> <!-- you have to define all roles -->
<user username="myname" password="mypassword" roles="AB"/>
<!-- you have to assign login and roles -->
</tomcat-users>
Upvotes: 0
Related Questions
- Tomcat security constraint for valid user
- How to configure tomcat web.xml and tomcat-users.xml to secure a tomcat page
- Tomcat authentication and operations for the user
- How to configure tomcat-users.xml to secure a page in tomcat?
- Purpose of roles tags in tomcat-users.xml?
- web.xml security constraint combination of roles
- Tomcat servlet security
- Servlet security authentication
- Tomcat secure access
- Configure username and password on Tomcat 5.5 application