This week's book / license giveaways are in the JDBC and Relational Databases and Java in General forums.
We're giving away four copies each of PostGIS in Action and Java Advanced Topics Training and have the authors on-line!
See this thread and this one for details.
The moose likes Tomcat and the fly likes BASIC Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Products » Tomcat
Bookmark "BASIC Authentication" Watch "BASIC Authentication" New topic

BASIC Authentication

Nick Bour

Joined: May 02, 2013
Posts: 1

I'm trying to do a BASIC Authentication for one of my webapp. I put that code in the web.xml of my webapp :

<url-pattern>/*</url-pattern> //applicable to all urls in the application

This is working great. But as soon as I add that code in the global web.xml to redirect everyone to https it stop working. The webapp is working but it is not asking me for user / password anymore :

<web-resource-name>Protected Context</web-resource-name>

What can I do to have a BASIC Authentication on a specific webapp with a redirect to https on all webapp.

Thank you very much,
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16600

BASIC authentication isn't actually all that great. Most of us use form-based authentication most of the time. BASIC authentication is considered less secure and logging out of apps may require shutting down the client app (browser), which isn't something I want to do considering how many tabs I typically have open.

One thing to note is transport security and authentication are 2 different things. You don't actually need any sort of authentication just to get TLS (https).

I can't see anything that rings alarm bells in your samples (hint: use the Code button to format stuff like this). Which is why I waited to see if anyone else did. About the only other thing that I can think of is that you check your server.xml connectors. I got burned a while back because a form-based connector was being used when a basic connector should have been (or maybe the other way around. I forget).

Customer surveys are for companies who didn't pay proper attention to begin with.
I agree. Here's the link:
subject: BASIC Authentication