jsp: How can I protect a jsp page with a password?

Question

I would like to protect a jsp page with a password that needs to be typed.

In apache i can add a password file to .htaccess but I don't know how to do that in apache tomcat.

thanks

Answer 1

So, you basically want to put HTTP BASIC authentication on the particular JSP page? Here's a step by step:

1. First you need to declare the desired rolename, username and password in /conf/tomcat-users.xml.

   <tomcat-users>
       <role rolename="yourrole"/>
       <user username="yourname" password="yourpass" roles="yourrole" />
   </tomcat-users>
   

   (you can append as many <role> and <user> entries as you want; if there are already existing entries, then you just add them inside <tomcat-users>).

2. Then you need to declare the desired security constraint on the url-pattern of the JSP file along with a login config of BASIC (which stands for HTTP BASIC authentication).

   <security-constraint>
       <web-resource-collection>
           <web-resource-name>A JSP page</web-resource-name>
           <url-pattern>/page.jsp</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>yourrole</role-name>
       </auth-constraint>
   </security-constraint>
   <login-config>
       <auth-method>BASIC</auth-method>
   </login-config>
   

   The /page.jsp should match the context-relative URL of the JSP page. The yourrole should be the same as the rolename as definied in /conf/tomcat-users.xml.

Restart the server, open the JSP page in the browser and use yourname and yourpass to login.