How to protect directories with a password in Tomcat? is there any .htaccess-like way to achieve this?
Created May 14, 2012
Daniele Galluccio To password protect your pages you can use a Realm.
Please referer at the Tomcat Documentation for detailed info, like the Realm Configuration HOW-TO. Please always read the documentation.
However to give you starting point:
Once you've defined a realm resource(as the tomcat-users.xml or a your own jdbc realm) in server.xml, you have to modify the web.xml file of your application. Here's a sample for adding basic realm support (Form authentication is quite similar, look at docs)
Please referer at the Tomcat Documentation for detailed info, like the Realm Configuration HOW-TO. Please always read the documentation.
However to give you starting point:
Once you've defined a realm resource(as the tomcat-users.xml or a your own jdbc realm) in server.xml, you have to modify the web.xml file of your application. Here's a sample for adding basic realm support (Form authentication is quite similar, look at docs)
<!-- Define reference to the user database for looking up roles -->
<resource-env-ref>
<description>Link to the UserDatabase instance from which
we request lists of defined role names.</description>
<resource-env-ref-name>UserDatabase</resource-env-ref-name>
<resource-env-ref-type>org.apache.catalina.UserDatabase</resource-env-ref-type>
</resource-env-ref>
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>test</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Your Realm Name</realm-name>
</login-config>
<security-role>
<description>The role that is required to log in to
the Manager Application</description>
<role-name>test</role-name>
</security-role>