How to protect directories with a password in Tomcat? is there any .htaccess-like way to achieve this?
Created May 14, 2012
Daniele Galluccio To password protect your pages you can use a Realm.
Please referer at the Tomcat Documentation for detailed info, like the Realm Configuration HOW-TO. Please always read the documentation.
However to give you starting point:
Once you've defined a realm resource(as the tomcat-users.xml or a your own jdbc realm) in server.xml, you have to modify the web.xml file of your application. Here's a sample for adding basic realm support (Form authentication is quite similar, look at docs)
Please referer at the Tomcat Documentation for detailed info, like the Realm Configuration HOW-TO. Please always read the documentation.
However to give you starting point:
Once you've defined a realm resource(as the tomcat-users.xml or a your own jdbc realm) in server.xml, you have to modify the web.xml file of your application. Here's a sample for adding basic realm support (Form authentication is quite similar, look at docs)
<!-- Define reference to the user database for looking up roles --> <resource-env-ref> <description>Link to the UserDatabase instance from which we request lists of defined role names.</description> <resource-env-ref-name>UserDatabase</resource-env-ref-name> <resource-env-ref-type>org.apache.catalina.UserDatabase</resource-env-ref-type> </resource-env-ref> <!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>Entire Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>test</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Your Realm Name</realm-name> </login-config> <security-role> <description>The role that is required to log in to the Manager Application</description> <role-name>test</role-name> </security-role>