I have a Tomcat 5.5 server and i deploy a application on it. I have something like this http://tocatServer:8088/MyApp I want to limit the acces of users at this address by putting an username and password, but i need help. I know that i must add roles on web.xml, i try it but without success. If possible i want to send the URL like this http://username:password@tocatServer:8088/MyApp This url is sent from a java swing application for getting license from the serlet Thanks
Asked
Active
Viewed 598 times
1 Answers
2
To restrict the access to a webapp (or to a folder in the webapp URL) in Tomcat:
in webapps/MyApp/WEB-INF/web.xml add
<security-constraint>
<web-resource-collection>
<web-resource-name>
Entire webapp
</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<!-- pay attention: BASIC in insecure, use it only for test, search for a more secure method -->
<auth-method>BASIC</auth-method>
<realm-name>Text reported when prompting the user for un and pw</realm-name>
</login-config>
and in conf/tomcat-users.xml add
<role rolename="member"/>
<user username="bubi" password="bubi" roles="member"/>
Then reload the webapp and maybe restart Tomcat too.
Source: O'Reilly's Top Ten Tomcat Configuration Tips - 5. Configuring Basic Authentication
About the second question, I don't know how to realize it.
bluish
- 26,356
- 27
- 122
- 180