| Author |
How to password-protect ALL of Tomcat?
|
pat larser
Greenhorn
Joined: Mar 03, 2011
Posts: 4
|
|
I recently deployed Tomcat with a webapp (Zilverline). I had no problems creating a password protection on the webapp directory (http://localhost:8080/zilverline). But I am unconfortable keeping port 8080 open without password protection. Right now if I just go to http://localhost:8080, it's a blank page because I removed all other webapps for security. But can I password protect just everything?
Thank you.
|
 |
Tom Reilly
Rancher
Joined: Jun 01, 2010
Posts: 618
|
|
|
I can't answer your specific question but recommend that you consider using SSL. You see that as https in the browser. The default port for using SSL is 443. Even if you password protect all the applications, the passwords are sent in the clear when you don't use SSL. That is, the passwords are sent as regular text so anyone with a network sniffer can see them.
|
|
Stefan Evans
Bartender
Joined: Jul 06, 2005
Posts: 1005
|
|
You can only password protect each seperate web application in its own web.xml file.
So you need to configure a web application that, and has the same configuration settings which disallow access.
Essentially that is a standard web application with its context path set to empty string.
docs link
|
|
pat larser
Greenhorn
Joined: Mar 03, 2011
Posts: 4
|
|
Thank you to both of you!
I was able to VERY EASILY implement SSL using the 2-step process found on Tomcat's site
I also created an empty ROOT webapp that was password protected as well so that *hopefully* nothing should be openly accessible.
Thanks again!
|
|
 |
|
|
subject: How to password-protect ALL of Tomcat?
|
|
|
0
