BASIC Authentication

Nick Bour

Joined: May 02, 2013
Posts: 1

I'm trying to do BASIC Authentication for one of my webapps. I put this code in the web.xml of my webapp:

<url-pattern>/*</url-pattern> <!-- applicable to all URLs in the application -->

This is working great. But as soon as I add this code to the global web.xml to redirect everyone to https, it stops working. The webapp is working but it is not asking me for user / password anymore:

<web-resource-name>Protected Context</web-resource-name>

What can I do to have BASIC Authentication on a specific webapp with a redirect to https on all webapps?

Thank you very much,
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17278

BASIC authentication isn't actually all that great. Most of us use form-based authentication most of the time. BASIC authentication is considered less secure and logging out of apps may require shutting down the client app (browser), which isn't something I want to do considering how many tabs I typically have open.

One thing to note is transport security and authentication are 2 different things. You don't actually need any sort of authentication just to get TLS (https).

I can't see anything that rings alarm bells in your samples (hint: use the Code button to format stuff like this). Which is why I waited to see if anyone else did. About the only other thing that I can think of is that you check your server.xml connectors. I got burned a while back because a form-based connector was being used when a basic connector should have been (or maybe the other way around. I forget).

An IDE is no substitute for an Intelligent Developer.
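
An added configuration example, not code from either poster: the Servlet specification combines security constraints that match the same URL pattern, and a constraint with no `<auth-constraint>` combined with one that names roles permits unauthenticated access, which matches the symptom described when a transport-only `/*` constraint merged from the global web.xml meets the webapp's own `/*` constraint. The shape of the global constraint, the role name `appuser` and the realm name are assumptions, since the thread shows only fragments.

```xml
<!-- Constructed example. Role and realm names are assumptions. -->

<!-- (1) Assumed shape of the addition to the global conf/web.xml:
     transport guarantee only, no auth-constraint. Tomcat merges the
     global file into every webapp, so this lands beside (2). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- (2) Webapp WEB-INF/web.xml: authentication and transport stated in
     ONE constraint. With (1) removed from the global file, /* requires
     both HTTPS and a login. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>appuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example Realm</realm-name>
</login-config>

<security-role>
  <role-name>appuser</role-name>
</security-role>
```

To check the result, send a request over HTTPS with no `Authorization` header: the response should be 401 with a `WWW-Authenticate: Basic` challenge rather than the page content.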