I am trying to set up Tomcat to password protect an entire webapp, but when I get the password prompt, it's not accepting the username/password I'm providing to it (just keeps prompting for the user/pass over and over), and if I cancel, I get a 401 error.
Any ideas why it's not working? I'm currently using MemoryRealm, but tried UserDatabaseRealm too, replacing the appropriate MemoryRealm realm with the following in server.xml:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
The logs just show "GET / HTTP/1.1" 401 954, and only after I cancel the authentication prompt. Below are my configuration files (with comments removed for brevity)
server.xml:
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.MemoryRealm" />
<Host name="localhost" appBase="/data/www/www.mysite.com/webapps" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" resolveHosts="false"/>
</Host>
</Engine>
</Service>
</Server>
tomcat-users.xml:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="generic"/>
<user username="myself" password="mypassword" roles="generic"/>
</tomcat-users>
web.xml (under /data/www/www.mysite.com/webapps/WEB-INF):
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4">
<display-name>/MySite-RPM_95_ca2f16f912c9dc4aab2a4fcb7c87cb9a1f1bbf04</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>MySite-RPM_95_ca2f16f912c9dc4aab2a4fcb7c87cb9a1f1bbf04</param-value>
</context-param>
<!-- listeners, filters, servlets, welcome-file-list, error-pages, and jsp-config/taglibs snipped for brevity-->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>generic</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My Realm</realm-name>
</login-config>
</web-app>
