Kevin,
The solution you are after is very simple to implement with Tomcat. There are a couple of simple steps that you need to perform, they are detailed below:
1) In your web.xml file for you webapp add lines like the following
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminResources</web-resource-name>
<url-pattern>admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>
Test Secure Area</realm-name>
</login-config>
The url-pattern lines indicate the urls to secure, for example the above will secure ALL files in the admin directory of my webapp (note: you can secure individual files as well)
2. Add you web app context to your server.xml file using a line line <Context path="/security" docBase="d:/jakarta-tomcat-4.0-b3/webapps/securityTest" debug="0" reloadable="true" crosscontext="true" trusted="true" />
3. Now add the usernames/passwords/roles to the tomcat-users.xml file. For example <user name="testuser" password="password" roles="admin" /> will create user called test user with the password, password, and assign them to a role of admin. In the above example they will be able to gain access to the admin directory of your web app. Roles can be comma seperated if a user is of 2 or more roles.
You can also store the users in a
JDBC database, but this is a bit more involved. Post again if you want to know how to do this!
Hope this helps
Rgds
Sam
Originally posted by Kevin Wright:
Is there any way that I can add a password functionality to tomcat. For example, I want to create a set of pages that are password-protected. I don't want just a main page to log in to, (but that is my current only option) but I want to be able to send people links to certain pages, and the password authentication pop up when they link to that page...I hope that is clear...
Thanks,
Kevin Wright