I've got an existing WAR file that was not developed by me. I deploy the application to the Tomcat server and after that it is accessible to everybody, which is not good. I need to restrict access to the context with HTTP Basic auth. What is the best way to do that? I do not need any sophisticated user management system; I just need a single username and password. Thanks in advance.
Basic Authentication: Notice the database configuration and details of the tables and columns used to identify authenticated users. Add the following to the "$CATALINA_BASE/conf/web.xml" file before the final "web-app" tag. With the config changes in place we need to restart Tomcat.
In Basic authentication, if you try to hit a web application url that is protected and you are currently unauthenticated, a popup window appears and you enter a particular username/password, which gets sent to Tomcat. Tomcat checks to see that the sent username and password match a user entry in tomcat-users.
Definition: A Tomcat Realm is an interface for connecting Catalina to an existing database of usernames, passwords and roles to handle application authentication. You can manage your users' access and their roles. Roles are groupings of users based on the permissions you wish to grant to any group of users.
Just for those too lazy to go and read. Insert these lines into web.xml:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name></web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Hudson</realm-name>
    </login-config>
It will take roles and passwords from $TOMCAT_HOME/conf/tomcat-users.xml by default (if no other realm is configured in server.xml) and allow only users having role manager.
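The following is an added example, not part of the answer above and not Tomcat code: a small Python check that reads a web.xml and reports whether the whole context is actually behind Basic auth. It also flags two standard servlet-descriptor pitfalls: an `http-method` list that leaves other methods unconstrained, and a missing CONFIDENTIAL transport guarantee, which matters because Basic credentials are only base64-encoded. The function name `audit_web_xml` and the finding codes are made up for this illustration, and the sample descriptor is constructed from the answer's snippet.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    # Match on local name so namespaced and plain web.xml files both work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, path):
    # Follow a chain of child element names and collect the stripped text.
    nodes = [elem]
    for name in path:
        nodes = [k for n in nodes for k in _kids(n, name)]
    return [(n.text or "").strip() for n in nodes]

def audit_web_xml(xml_text):
    """Return a list of finding codes for a web.xml descriptor (empty = OK)."""
    root = ET.fromstring(xml_text)
    findings = []
    if "BASIC" not in _texts(root, ["login-config", "auth-method"]):
        findings.append("no-basic-login-config")
    protected = False
    for sc in _kids(root, "security-constraint"):
        if "/*" not in _texts(sc, ["web-resource-collection", "url-pattern"]):
            continue
        if not _kids(sc, "auth-constraint"):
            continue  # no auth-constraint: the pattern is open to everyone
        protected = True
        if not _texts(sc, ["auth-constraint", "role-name"]):
            findings.append("empty-auth-constraint-denies-all")
        if _texts(sc, ["web-resource-collection", "http-method"]):
            # Listing methods leaves every unlisted HTTP method unconstrained.
            findings.append("http-method-listed")
        tg = _texts(sc, ["user-data-constraint", "transport-guarantee"])
        if "CONFIDENTIAL" not in tg:  # Basic is only base64, so require TLS
            findings.append("no-transport-guarantee")
    if not protected:
        findings.append("root-not-protected")
    return findings

# Constructed sample: the constraint from the answer above inside a <web-app>.
ANSWER_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name></web-resource-name><url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>Hudson</realm-name></login-config>
</web-app>"""

print(audit_web_xml(ANSWER_XML))
```

For the answer's snippet the only finding is the missing transport guarantee; adding a `user-data-constraint` with `transport-guarantee` CONFIDENTIAL inside the `security-constraint` clears it.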