I've got an existing WAR file that is not developed by me. I deploy the application to the Tomcat server and after that it is accessible for everybody. Which is not good. I need to restrict the access to the context with HTTP Basic auth. What is the best way to do that? I do not need any sophisticated user management system I just need a single username and password. Thanks in advance.
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
Check O'Reilly's Top Ten Tomcat Tips. Should be sufficent for what you're up to. Tip No. 5 will probably work out for you.
HTH
回答2:
Just for those too lazy to go and read. Insert these lines into web.xml
:
<security-constraint>
<web-resource-collection>
<web-resource-name>
</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Hudson</realm-name>
</login-config>
It will take roles and passwords from $TOMCAT_HOME/conf/tomcat-users.xml
by default (if no other realm is configured in server.xml
) and allow only users having role manager
.