Tuesday, December 2, 2003 03:04 AM
There are two required steps to activate Basic HTTP authentication in Tomcat.
The first one is Tomcat specific task. You need to define the type of Realm you wanna use. You can choose different type of realms: Memory, Database (DataSource or JDBS) and JNDI.
The easiest to set up is the Memory Realm, but if you need further information you can still refer to the Tomcat 4 Realm Configuration HOWTO documentation page.
For a Memory realm, you just need to insert in the tag of your server configuration file (conf/server.xml) this tag:
Once you have done this, you should edit (or create) the conf/tomcat-users.xml file where you will place the name of all the users you wanna give access to, and their "role". A simple example could be this one:
This has created a role called "test", and a "user" that belongs to that role.
You can change the way you save your password (by default it's plain text) or the name and location of the file, through the attributes of the Realm tag, as described in the documentation page linked above.
The second step is the standard servlet way to set the authentication, siply adding to your web application descriptor (web.xml) some imformation like, for example:
Example Basic Authentication
That should be enough to start...