How to protect directories with a password in Tomcat? is there any .htaccess-like way to achieve this?

Created May 8, 2003

Daniele Galluccio

To password protect your pages you can use a Realm.
Please referer at the Tomcat Documentation for detailed info, like the Realm Configuration HOW-TO. Please always read the documentation.
However to give you starting point:
Once you've defined a realm resource(as the tomcat-users.xml or a your own jdbc realm) in server.xml, you have to modify the web.xml file of your application. Here's a sample for adding basic realm support (Form authentication is quite similar, look at docs) 


	<!-- Define reference to the user database for looking up roles -->
	<resource-env-ref>
		<description>Link to the UserDatabase instance from which
                    we request lists of defined role names.</description>
		<resource-env-ref-name>UserDatabase</resource-env-ref-name>
		<resource-env-ref-type>org.apache.catalina.UserDatabase</resource-env-ref-type>
	</resource-env-ref>

	<!-- Define a Security Constraint on this Application -->
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Entire Application</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>test</role-name>
		</auth-constraint>
	</security-constraint>

	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>Your Realm Name</realm-name>
	</login-config>

	<security-role>
		<description>The role that is required to log in to 
                    the Manager Application</description>
		<role-name>test</role-name>
	</security-role>
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

About | Sitemap | Contact