0

I'm trying to get familiar with TomEE, or at least TomCat 7 that is used in an older application I'm currently working.

In the tomcat location there is a web.xml. As far as I understood this is used for all servlets that have no own web.xml, right? Or will this be also used for those servlets that have an own one?

Not sure about the hierachy of this configuration files.

Tried to get a basic authentication working for a module that can be assigned by a url like \localhost:8080\AB The tomcat-users for \localhost:8080\manager is working fine. But can't get an login for \localhost:8080\AB

I tried modify the web.xml like: 

<security-role>
 <role-name>users</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>basic demo resource</web-resource-name>
        <url-pattern>\AB\*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>users</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

But still no login is required for accessing this servlet.

Than I found out, that there is another web.xml in this Java project, which I also tried to modify with the code above. I know I'm doing something wrong, but don't get what it is right now.

The role "users" was created in tomcat-users.xml and a user is also assigned to that group.

kenorb
  • 155,785
  • 88
  • 678
  • 743
flix
  • 15
  • 4

2 Answers2

0

You have define only security constraint not roles. You need to define tomcat user and crossponding roles like.

<tomcat-users>
    <role rolename="AB"/>  <!-- you have to define all roles -->
    <user username="myname" password="mypassword" roles="AB"/> 
    <!-- you have to assign login and roles -->
 </tomcat-users>
DHARMENDRA SINGH
  • 607
  • 5
  • 21
  • I have already added a role and user in the tomcat-users.xml which is located in the tomcat directory. so the role "users" and a user in this role exists. Or does it not work if I define it in the tomcat-users.xml and try to access the role from my web.xml that is included in the project. This is what the tag does, right? – flix Dec 18 '17 at 09:54
0

The web.xml in the tomcat directory contains the default settings. A webapp can override definitions in its own web.xml.

To access to /AB you need:

  • to use FORWARD slashes: <url-pattern>/AB/*</url-pattern>
  • to have a user with role users in your user database
  • to enter the username and password in the login popup dialog.
Maurice Perry
  • 9,261
  • 2
  • 12
  • 24
  • ok, modified the url with forward slashes. This must be enough to get a login prompt, right? of course, it would only work if role and users are definied, but login prompt should be appearing. And this is not the case right now. How do I get the users in the user db? By using the tomcat-users.xml in the tomcat directory? – flix Dec 18 '17 at 09:50
  • What type of realm are you using? – Maurice Perry Dec 18 '17 at 09:52
  • Haven't defined anything for that. Realm in server.xml seems to be default. – flix Dec 18 '17 at 10:28