Thursday, March 5, 2015

Enabling Basic Authentication for a web application in Tomcat

There are 3 steps to perform as follows:

1.      Create a role in tomcat-users.xml file under tomcat/conf directory as given below:

 

<role rolename="monitor"/>

<user username="krishna" password="1234" roles="monitor"/>

 

2.      Use the role created above in your web application’s web.xml and enable Basic Authentication as given below:

 

<security-constraint>

            <web-resource-collection>

                        <web-resource-name>Wildcard means whole application requires authentication</web-resource-name>

                        <url-pattern>/*</url-pattern>

                        <http-method>GET</http-method>

                        <http-method>POST</http-method>

            </web-resource-collection>

            <auth-constraint>

                        <role-name>monitor</role-name>

            </auth-constraint>

           

            <user-data-constraint>

                        <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->

                        <transport-guarantee>NONE</transport-guarantee>

            </user-data-constraint>

</security-constraint>

 

<login-config>

            <auth-method>BASIC</auth-method>

</login-config>

 

3.      Restart the tomcat.

 

 



Thanks & Regards,

Rajakrishna Reddy

No comments:

Post a Comment