Tomcat provides several realm implementations: memory, database, JAAS and more. The easiest to configure (though not the safest) is the memory realm, which uses a single XML file, usually found in conf/tomcat-users.xml:
<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
The realm configuration goes in a context, host or engine configuration, for example:
<Realm className="org.apache.catalina.realm.MemoryRealm" pathname="conf/tomcat-users.xml" />
Then in web.xml you put the following definition:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MRC Customer Care</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role1</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>YOUR REALM NAME</realm-name>
</login-config>
<security-role>
  <description>
    The role that is required to access the application.
    Should be one from the realm (the tomcat-users.xml file).
  </description>
  <role-name>role1</role-name>
</security-role>
Part of web.xml is taken (with slight modifications) from one of our web applications.
David Rabinowitz
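As an added example (not part of the original answer and not Tomcat's own tooling), this Python script audits a tomcat-users.xml and web.xml pair like the ones above: it reports passwords that equal the username or one of the user's roles, passwords shared between accounts, and roles required by an auth-constraint that no realm user holds. The sample XML is constructed from the snippets above; the extra `admin` role and the finding labels are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the files shown in the answer.
USERS_XML = """<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/protected/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>role1</role-name><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>role1</role-name></security-role>
</web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced web.xml files also match."""
    return tag.rsplit("}", 1)[-1]

def load_users(users_xml):
    """Return {username: (password, roles)}; reads 'username' or 'name'."""
    users = {}
    for el in ET.fromstring(users_xml).iter():
        if local(el.tag) == "user":
            name = el.get("username") or el.get("name")
            roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
            users[name] = (el.get("password", ""), roles)
    return users

def audit(users_xml, web_xml):
    """Return a list of (finding, subject) tuples; passwords are never echoed."""
    users, findings, seen = load_users(users_xml), [], {}
    for name, (pw, roles) in users.items():
        if pw == name or pw in roles:
            findings.append(("guessable-password", name))
        seen.setdefault(pw, []).append(name)
    for names in seen.values():
        if len(names) > 1:
            findings.append(("shared-password", ",".join(sorted(names))))
    realm_roles = set().union(*(r for _, r in users.values()))
    for ac in (e for e in ET.fromstring(web_xml).iter() if local(e.tag) == "auth-constraint"):
        for rn in ac:
            role = (rn.text or "").strip()
            # "*" and "**" are servlet-spec wildcards, not realm roles.
            if local(rn.tag) == "role-name" and role not in ("*", "**") and role not in realm_roles:
                findings.append(("role-not-in-realm", role))
    return findings
```
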