aspose file tools*
The moose likes Servlets and the fly likes Tomcat Password Protection Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Tomcat Password Protection" Watch "Tomcat Password Protection" New topic
Author

Tomcat Password Protection

Kevin Wright
Ranch Hand

Joined: Jul 10, 2001
Posts: 38
Is there any way that I can add a password functionality to tomcat. For example, I want to create a set of pages that are password-protected. I don't want just a main page to log in to, (but that is my current only option) but I want to be able to send people links to certain pages, and the password authentication pop up when they link to that page...I hope that is clear...
Thanks,
Kevin Wright
Sam Dalton
Author
Ranch Hand

Joined: Jul 26, 2001
Posts: 170
Kevin,
The solution you are after is very simple to implement with Tomcat. There are a couple of simple steps that you need to perform, they are detailed below:
1) In your web.xml file for you webapp add lines like the following
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminResources</web-resource-name>
<url-pattern>admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Secure Area</realm-name>
</login-config>
The url-pattern lines indicate the urls to secure, for example the above will secure ALL files in the admin directory of my webapp (note: you can secure individual files as well)
2. Add you web app context to your server.xml file using a line line <Context path="/security" docBase="d:/jakarta-tomcat-4.0-b3/webapps/securityTest" debug="0" reloadable="true" crosscontext="true" trusted="true" />
3. Now add the usernames/passwords/roles to the tomcat-users.xml file. For example <user name="testuser" password="password" roles="admin" /> will create user called test user with the password, password, and assign them to a role of admin. In the above example they will be able to gain access to the admin directory of your web app. Roles can be comma seperated if a user is of 2 or more roles.
You can also store the users in a JDBC database, but this is a bit more involved. Post again if you want to know how to do this!

Hope this helps
Rgds
Sam
Originally posted by Kevin Wright:
Is there any way that I can add a password functionality to tomcat. For example, I want to create a set of pages that are password-protected. I don't want just a main page to log in to, (but that is my current only option) but I want to be able to send people links to certain pages, and the password authentication pop up when they link to that page...I hope that is clear...

Thanks,
Kevin Wright


<a href="http://www.samjdalton.com" target="_blank" rel="nofollow">Sam Dalton</a>,<br />Co-author of [http://www.amazon.com/exec/obidos/tg/detail/-/1590592255/qid=1068633302//ref=sr_8_xs_ap_i0_xgl14/104-4904002-9274339?v=glance&s=books&n=507846]Professional JSP 2.0[/URL] (October 2003)<br />Co-author of <a href="http://www.amazon.com/exec/obidos/ASIN/1861007701/ref=ase_electricporkchop" target="_blank" rel="nofollow">Professional SCWCD Certification</a><br />Co-author of <a href="http://www.amazon.com/exec/obidos/ASIN/186100561X/ref=ase_electricporkchop" target="_blank" rel="nofollow">Professional Java Servlets 2.3</a>
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Sam, I can't help but think you are knowledeable in the ways of Application Security.

Will you instruct this Jedi-apprentice and peek at this please? http://www.javaranch.com/ubb/Forum11/HTML/001224.html
Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat Password Protection