Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
773 views
in Technique[技术] by (71.8m points)

http - Tomcat basic auth

I've got an existing WAR file that is not developed by me. I deploy the application to the Tomcat server and after that it is accessible for everybody. Which is not good. I need to restrict the access to the context with HTTP Basic auth. What is the best way to do that? I do not need any sophisticated user management system I just need a single username and password. Thanks in advance.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Just for those too lazy to go and read. Insert these lines into web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>
        </web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>manager</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Hudson</realm-name>
</login-config>

It will take roles and passwords from $TOMCAT_HOME/conf/tomcat-users.xml by default (if no other realm is configured in server.xml) and allow only users having role manager.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...