Configure Basic Authentication without modifying .war

Question

We are deploying two war files in tomcat's webapps folder, let's say public.war and private.war

We'd like to setup HTTP Basic Authentication only for private.war (not for all deployed war files) but it seems we would have to configure this in the exploded /webapps/private/WEB-INF/web.xml (or modify the war itseld), which we'd like to avoid.

The reason for this is we are retrieving private.war from a 3rd party source and if someone for instance updates it to the latest version our changes to web.xml would be overwritten (right?).

Is there a way to enable Basic Authentication in Tomcat just for one specific context-path from let's say - something like conf/web.xml or another file?

We would especially like to avoid modifying the deployed (or exploded) war file.

@Jarrod The answer you are suggesting is about securing all deployed war files using Basic Authentication, my question is about only securing one specific war file or context path, not all. (I tried to do this using '/private/*' in conf/web.xml but this doesn't seem to work. '/* works fine. — Tadeus Senf, Mar 23 '18 at 21:41
it is all or nothing, you either do it globally or you edit the single war file, or you dive into a reverse proxy like @gusto2 answered — , Mar 25 '18 at 00:25

score 2 · Accepted Answer · answered Mar 23 '18 at 16:26

Is there a way to enable Basic Authentication in Tomcat just for one specific context-path

indeed for that you'd need to modify the application configuration (effectively the war file or deployed files).

We would especially like to avoid modifying the deployed (or exploded) war file

I'd suggest you to enforce the basic authentication on reverse proxy (apache httpd, nginx) if you have one

Elham Jamshidpey · Answer 2 · 2018-03-23T15:37:27.730

-1

You can add a config in $CATALINA_HOME/conf/context.xml and add an environment in it and use it in your source or config files in war files as a ref bean, for example:

context.xml:

<Context>
  ...
  <Environment name="username" value="admin"
      type="java.lang.String"/>
  ...
</Context>

security.xml(in your war file):

<bean>
id="AuthenticationService"
    class="com.core.auth.AuthenticationService">
    <property name="username" >
        <ref bean="username"/>
    </property>

</bean>

edited Mar 23 '18 at 15:37

answered Mar 23 '18 at 15:21

Elham Jamshidpey

45
1
7

Wouldn't this also involve modifying the war file? I'd like to avoid that. – Tadeus Senf Mar 23 '18 at 15:37
You don't need modify war file. just set one time in .xml file in war file and set or change value in context.xml in tomcat/conf – Elham Jamshidpey Mar 23 '18 at 16:51

Configure Basic Authentication without modifying .war

2 Answers2