Configuring Basic Authentication
Container-managed authentication methods control how a user’s credentials are verified when a web app’s protected resource is accessed. When a web application uses basic authentication (BASIC in the web.xml file’s auth-method element), Tomcat uses HTTP basic authentication to ask the web browser for a username and password whenever the browser requests a resource of that protected web application. With this authentication method, all passwords are sent across the network in base64-encoded text.
Just add and elements to your web app’s web.xml file, and add the appropriate and elements to the main /conf/tomcat-users.xml file, restart Tomcat, and Tomcat takes care of the rest. (contact support to add users to the /conf/tomcat-users.xml file and to organise a restart of tomcat)
The example below shows a web.xml excerpt from a private web site with a private subdirectory that is protected using basic authentication.
<-- Define the private area, by defining a "Security Constraint" on this Application, and mapping it to the subdirectory (URL) that we want to restrict. -->
Java Application
/members/*
member
<-- Define the Login Configuration for this Application -->
BASIC
Private area Area
JSP