
Password protected application in Tomcat

I am developing a web application using (JSP + Servlet), and I have used Tomcat 7.0.33 as a web container.

So my requirement is that each application in tomcat will be password protected like the manager application in tomcat is protected.

So far I have done the following:

server.xml

<Realm className="org.apache.catalina.realm.MemoryRealm" />

tomcat-users.xml

<tomcat-users>
    <role rolename="tomcat"/>
    <role rolename="manager-gui"/>
    <role rolename="role1" />

    <user username="tomcat" password="tomcat" roles="role1,tomcat,manager-gui"/>
    <user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>

web.xml

<security-role>
    <role-name>role1</role-name>
</security-role>
<security-role>
    <role-name>tomcat</role-name>
</security-role>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>webappname</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>role1</role-name>
        <role-name>tomcat</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>webappname</realm-name>
</login-config>

It works fine when anyone opens the application by application path (it asks for username & password, and the application accepts either of role1 or tomcat for authentication).

But the issue is that if I log in as the user tomcat, who has got all roles, and the manager screen is shown, which lists all the applications deployed on the server, then if I try to open mywebapplication it again asks for username and password.

My question is: if I have assigned all the roles to the user tomcat, then why does it ask for a password if I have logged in as tomcat? Is there any way to avoid this?

Thanks in advance.

Bhushan asked Oct 22 '22 14:10


1 Answer

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>webappname</realm-name>
</login-config>

Basic Auth credentials are organized in "Security Realms". If you give all your apps different Realm-Names, the browser will prompt for each. Try using the same name for all of them (if that is what you want).

Thilo answered Oct 24 '22 05:10
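
The realm grouping described in the answer can be checked across deployed apps before users run into repeated prompts. This is an added example, not part of the original answer: it parses constructed web.xml descriptors and groups BASIC-protected apps by realm name. The app names `reports` and `static` and the manager realm string are assumptions, and all apps are assumed to be served from the same host and port.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def _descriptor(realm, ns=""):
    # Build a minimal constructed web.xml with a BASIC <login-config>.
    return (f'<web-app{ns}><login-config><auth-method>BASIC</auth-method>'
            f'<realm-name>{realm}</realm-name></login-config></web-app>')

# Constructed sample input: context name -> web.xml text.
# The manager realm name is an assumption about the stock manager app.
SAMPLE = {
    "manager": _descriptor("Tomcat Manager Application",
                           ' xmlns="http://java.sun.com/xml/ns/javaee"'),
    "mywebapplication": _descriptor("webappname"),
    "reports": _descriptor("webappname"),   # hypothetical second app
    "static": "<web-app/>",                 # hypothetical app, no <login-config>
}

def _local(tag):
    """Strip an XML namespace so namespaced and bare descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def login_config(web_xml):
    """Return (auth_method, realm_name), or None without <login-config>."""
    for el in ET.fromstring(web_xml):
        if _local(el.tag) == "login-config":
            f = {_local(c.tag): (c.text or "").strip() for c in el}
            return f.get("auth-method", "").upper(), f.get("realm-name", "")
    return None

def basic_realm_groups(descriptors):
    """Group BASIC-protected apps by realm name; one group = one prompt."""
    groups = defaultdict(list)
    for app in sorted(descriptors):
        cfg = login_config(descriptors[app])
        if cfg and cfg[0] == "BASIC":
            groups[cfg[1]].append(app)
    return dict(groups)

def reprompts(descriptors, logged_in_app, next_app):
    """True if opening next_app after logged_in_app triggers a new prompt."""
    have, want = (login_config(descriptors[a]) for a in (logged_in_app, next_app))
    if not want or want[0] != "BASIC":
        return False                    # next_app issues no BASIC challenge
    return not have or have != want     # different realm: credentials not reused

if __name__ == "__main__":
    for realm, apps in basic_realm_groups(SAMPLE).items():
        print(f"{realm!r}: {', '.join(apps)}")
```

Each realm name in the output corresponds to one browser prompt; apps listed under the same name share the cached credentials.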