FROMDEV

How to Add User Authentication on Tomcat

I have seen many people writing their own Login utilities for web application, which is like re-inventing the wheel. Tomcat supports user authentication feature which is a really useful for web applications. Authentication can be plugged in separately into your web application without changing any code.
To setup tomcat user authentication, you need to do the following steps:

  1. Create a conf/apps-.xml that contains the following
  2. 
        
                
        
    
    
    
  3. Create a conf/users/appname-users.xml that looks like:
  4.   
    
    
    
  5. Insert the following in the webapps/appname/WEB-INF/web.xml
  6.     
          user-resource
          pages which require login
          *.jsp
          *.html
          GET
          POST
        
        
          Must authenticate before querying the system
          rolename
        
        
          NONE
        
      
    
      
        BASIC
        default
      
    
      
        Any user of the system
        rolename
      
    
    

Note that you will have to ensure the section points to the roles you created the users at, and you may need to add another section if you have, for example, .event files. The default simply authenticates *.jsp and *.html, both for GET and POST.

Exit mobile version