Tomcat security constraint for valid user

java tomcat web-applications security-constraint
Ricardo Marimon picture Ricardo Marimon · Jul 7, 2009 · Viewed 12.9k times · Source

I'm trying to protect a resource in tomcat so that only "valid users" (those with a valid login and password in the realm) can access it. They do not necessarily belong to a group in the realm. I have tried with many combinations of the <security-constraint> directive without success. Any ideas?

Answer

Eliecer Leiton picture Eliecer Leiton · May 12, 2010

Besides the auth-constraint you are adding to the security-constraint:

   <auth-constraint>
       <role-name>*</role-name>
   </auth-constraint>

you need specify the security role in the web-app:

    <security-role>
        <role-name>*</role-name>
    </security-role>

Related questions

IntelliJ, can't start simple web application: Unable to ping server at localhost:1099

I'm trying to make a simple web app in IntelliJ by following this tutorial: http://wiki.jetbrains.net/intellij/Creating_a_simple_Web_application_for_Tomcat_in_IntelliJ_IDEA_12 I believe my Tomcat is installed correctly since I see the …

Read More
What is the best place to store a configuration file in a Java web application (WAR)?

I create a web application (WAR) and deploy it on Tomcat. In the webapp there is a page with a form where an administrator can enter some configuration data. I don't want to store this data in an DBMS, but …

Read More
Difference between Clustering and Load balancing?

What is the difference between Clustering and Load balancing? I know it is a simple question.But I asked this question to several people, But no one gave reliable answer. Also I googled a lot and can't get an exact …

Read More