Configuring Basic Authentication#

Container-managed authentication methods control how a user's credentials are verified when a web app's protected resource is accessed. When a web application uses basic authentication (BASIC in the web.xml file's auth-method element), Tomcat uses HTTP basic authentication to ask the web browser for a username and password whenever the browser requests a resource of that protected web application. With this authentication method, all passwords are sent across the network in base64-encoded text.

Just add <security-constraint> and <login-config> elements to your web app's web.xml file, and add the appropriate <role> and <user> elements to the main /conf/tomcat-users.xml file, restart Tomcat, and Tomcat takes care of the rest. (contact support to add users to the /conf/tomcat-users.xml file and to organise a restart of tomcat)

The example below shows a web.xml excerpt from a private web site with a private subdirectory that is protected using basic authentication.

  Define the private area, by defining
  a "Security Constraint" on this Application, and
  mapping it to the subdirectory (URL) that we want
  to restrict.
      Java Application
<!-- Define the Login Configuration for this Application -->
  <realm-name>Private area Area</realm-name>

Back to JSP

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-1) was last changed on 24-May-2017 15:30 by UnknownAuthor
G’day (anonymous guest) My Prefs
  • View Page Source
  • This clear IPSec security association,
    clear ipsec sa peer X.X.X.X

All Pages

Page views: 2398

Private Tomcat




SQL Server




Web Mail

Windows Plesk

Linux Plesk




Persits ASPUpload

Wiki Help

Referring Pages:

JSPWiki v2.8.1