jGuru
Register Email     Password Forgot your
password?
HOME FAQS FORUMS DOWNLOADS ARTICLES PEERSCOPE LEARN

  Search   jGuru Search Help

Question How to set up Basic HTTP Authorization in Tomcat 4
Derived from A question posed by maroof dolani
Topics Tools:AppServer:WebServer:Tomcat:Security, Tools:AppServer:WebServer:Tomcat:Configuration
Author Alessandro A. Garbagnati PREMIUM
Created Dec 2, 2003


Answer
There are two required steps to activate Basic HTTP authentication in Tomcat.

The first one is Tomcat specific task. You need to define the type of Realm you wanna use. You can choose different type of realms: Memory, Database (DataSource or JDBS) and JNDI.
The easiest to set up is the Memory Realm, but if you need further information you can still refer to the Tomcat 4 Realm Configuration HOWTO documentation page.
For a Memory realm, you just need to insert in the <Engine...></Engine> tag of your server configuration file (conf/server.xml) this tag: 

  <Realm className="org.apache.catalina.realm.MemoryRealm" />
Once you have done this, you should edit (or create) the conf/tomcat-users.xml file where you will place the name of all the users you wanna give access to, and their "role". A simple example could be this one: 
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="test"/>
  <user username="user" password="pass" roles="test"/>
</tomcat-users>
This has created a role called "test", and a "user" that belongs to that role.
You can change the way you save your password (by default it's plain text) or the name and location of the file, through the attributes of the Realm tag, as described in the documentation page linked above.


The second step is the standard servlet way to set the authentication, siply adding to your web application descriptor (web.xml) some imformation like, for example: 
...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name> 
        Protected Site 
      </web-resource-name>
      <!-- This would protect the entire site -->
      <url-pattern> /* </url-pattern>
      <!-- If you list http methods, 
            only those methods are protected -->
      <http-method> DELETE </http-method>
      <http-method> GET </http-method>
      <http-method> POST </http-method>
      <http-method> PUT </http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- Roles that have access -->
      <role-name> test </role-name>
    </auth-constraint>
  </security-constraint>
  
  <!-- BASIC authentication -->
  <login-config>
    <auth-method> BASIC </auth-method>
    <realm-name> Example Basic Authentication </realm-name>
  </login-config>

  <!-- Define security roles -->
  <security-role>
    <description> Test role </description>
    <role-name> test </role-name>
  </security-role>
..
That should be enough to start...

Is this item helpful?  yes  no     Previous votes   Yes: 4  No: 3



Comments and alternative answers

Comment on this FAQ entry

There are currently no comments

Ask A Question



 
Related Links

Tomcat FAQ

Tomcat Forum

Jakarta Project

Tomcat Documentation

jGuru JSP FAQ

jGuru Servlet FAQ

Wish List
Features
About jGuru
Contact Us

 



The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft Personalized Whitepapers and Resources for You
Articles: Build a More Agile Business with IBM
Microsoft White Paper Windows Server 2008 R2 Hyper-V Live Migration
IBM Articles: Virtualization Delivers a Dynamic Infrastructure
Microsoft Blog: Exchange 2010: Saving Money, Delighting Users, Protecting Communications
Articles: IBM Offers Enhanced Measurement and Management for Energy Usage
 Microsoft PDF: Optimizing SharePoint Environments
Articles: IBM Helps Transformation to an Information-Based Enterprise
Microsoft Articles: Visual Studio 2010
Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications
Adobe Article: Java Developers Finding a Home at Adobe Flex
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Microsoft Video: Deep Dive into Direct Access and UAG
Microsoft Webcast: A PowerPivot Primer
Webcast: Connecting PHP to Microsoft Technologies
 Microsoft Video: Desktop Optimization
Video: Windows Azure Debugging Tips
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Microsoft Free Trials: Windows Server 2008 R2, Exchange Server 2010 and Windows 7
Get the Windows 7 SDK
Free Trial: Red Gate SQL Backup Pro 6
Download: Windows Server Trial
 Iron Speed Designer Application Generator
Microsoft Windows Server 2008 R2 comes with Hyper-V and Live Migration built in, to lower third-party software costs and downtime. Check out the top 10 reasons to upgrade to Windows Server 2008 R2.
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
BlackBerry Application Development Resources
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products
 Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES