Tomcat security constraint for valid user

Ricardo Marimon picture Ricardo Marimon · Jul 7, 2009 · Viewed 12.9k times · Source

I'm trying to protect a resource in tomcat so that only "valid users" (those with a valid login and password in the realm) can access it. They do not necessarily belong to a group in the realm. I have tried with many combinations of the <security-constraint> directive without success. Any ideas?

Answer

Eliecer Leiton picture Eliecer Leiton · May 12, 2010

Besides the auth-constraint you are adding to the security-constraint:

   <auth-constraint>
       <role-name>*</role-name>
   </auth-constraint>

you need specify the security role in the web-app:

    <security-role>
        <role-name>*</role-name>
    </security-role>