Category: ASP General

Configuring Basic Authentication

Container-managed authentication methods control how a user’s credentials are verified when a web app’s protected resource is accessed. When a web application uses basic authentication (BASIC in the web.xml file’s auth-method element), Tomcat uses HTTP basic authentication to ask the web browser for a username and password whenever the browser requests a resource of that protected web application. With this authentication method, all passwords are sent across the network in base64-encoded text.

Just add and elements to your web app’s web.xml file, and add the appropriate and elements to the main /conf/tomcat-users.xml file, restart Tomcat, and Tomcat takes care of the rest. (contact support to add users to the /conf/tomcat-users.xml file and to organise a restart of tomcat)

The example below shows a web.xml excerpt from a private web site with a private subdirectory that is protected using basic authentication.

<-- Define the private area, by defining a "Security Constraint" on this Application, and mapping it to the subdirectory (URL) that we want to restrict. -->

  
    
      Java Application
    
    /members/*
  
  
      member
  

<-- Define the Login Configuration for this Application -->

  BASIC
  Private area Area

JSP

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count: