• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Tomcat Password Protection

 
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there any way that I can add a password functionality to tomcat. For example, I want to create a set of pages that are password-protected. I don't want just a main page to log in to, (but that is my current only option) but I want to be able to send people links to certain pages, and the password authentication pop up when they link to that page...I hope that is clear...
Thanks,
Kevin Wright
 
Author
Posts: 170
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Kevin,
The solution you are after is very simple to implement with Tomcat. There are a couple of simple steps that you need to perform, they are detailed below:
1) In your web.xml file for you webapp add lines like the following
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminResources</web-resource-name>
<url-pattern>admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Secure Area</realm-name>
</login-config>
The url-pattern lines indicate the urls to secure, for example the above will secure ALL files in the admin directory of my webapp (note: you can secure individual files as well)
2. Add you web app context to your server.xml file using a line line <Context path="/security" docBase="d:/jakarta-tomcat-4.0-b3/webapps/securityTest" debug="0" reloadable="true" crosscontext="true" trusted="true" />
3. Now add the usernames/passwords/roles to the tomcat-users.xml file. For example <user name="testuser" password="password" roles="admin" /> will create user called test user with the password, password, and assign them to a role of admin. In the above example they will be able to gain access to the admin directory of your web app. Roles can be comma seperated if a user is of 2 or more roles.
You can also store the users in a JDBC database, but this is a bit more involved. Post again if you want to know how to do this!

Hope this helps
Rgds
Sam

Originally posted by Kevin Wright:
Is there any way that I can add a password functionality to tomcat. For example, I want to create a set of pages that are password-protected. I don't want just a main page to log in to, (but that is my current only option) but I want to be able to send people links to certain pages, and the password authentication pop up when they link to that page...I hope that is clear...

Thanks,
Kevin Wright


 
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sam, I can't help but think you are knowledeable in the ways of Application Security.

Will you instruct this Jedi-apprentice and peek at this please? http://www.javaranch.com/ubb/Forum11/HTML/001224.html
Thanks.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic