Java – password protected applications in Tomcat
I am developing web applications using JSP and servlets, and I use Tomcat 7.0.33 as the web container.
So my requirement is that every application in Tomcat be password protected, just as the manager application in Tomcat is protected.
So far, I have done the following:
In server.xml:
    <Realm className="org.apache.catalina.realm.MemoryRealm" />
In tomcat-users.xml:
    <tomcat-users>
      <role rolename="tomcat"/>
      <role rolename="manager-gui"/>
      <role rolename="role1" />
      <user username="tomcat" password="tomcat" roles="role1,tomcat,manager-gui"/>
      <user username="role1" password="tomcat" roles="role1"/>
    </tomcat-users>
In web.xml:
    <security-role>
      <role-name>role1</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>webappname</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>role1</role-name>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>webappname</realm-name>
    </login-config>
When anyone opens the application through the application path, it works normally (it requires a user name and password, and the application accepts role1 or tomcat for authentication).
But the problem is this: suppose I log in as tomcat, a user with all roles. When the manager screen is displayed, listing all the applications deployed on the server, and I try to open mywebapplication, it asks for a user name and password again.
My question is: if I have assigned all roles to the user tomcat, why do I need to enter a password again when I am logged in as tomcat? Is there any way to avoid this situation?
Thank you in advance.
Solution
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>webappname</realm-name>
    </login-config>
Basic authentication credentials are organized by security realm. If you provide different realm names for all applications, the browser will prompt for each application. Try using the same name for all of these (if that's what you want).
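To see which deployed applications share a realm name, and therefore a single browser prompt on the same host, the descriptors can be audited in bulk. The following is an added example, not code from the original post or from Tomcat; the sample web.xml contents and the names `read_login_config` and `audit` are constructed for illustration. It also lists BASIC-auth apps that do not declare a CONFIDENTIAL transport guarantee, since BASIC sends the password with every request.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample descriptors (not from a real server): app name -> web.xml text.
SAMPLE_WEB_XML = {
    "manager": """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
      <login-config><auth-method>BASIC</auth-method>
        <realm-name>Tomcat Manager Application</realm-name></login-config>
    </web-app>""",
    "mywebapplication": """<web-app>
      <login-config><auth-method>BASIC</auth-method>
        <realm-name>webappname</realm-name></login-config>
    </web-app>""",
    "reports": """<web-app>
      <security-constraint><user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint></security-constraint>
      <login-config><auth-method>BASIC</auth-method>
        <realm-name>webappname</realm-name></login-config>
    </web-app>""",
}

def local(tag):
    """Strip an XML namespace so namespaced and plain web.xml files match."""
    return tag.rsplit("}", 1)[-1]

def read_login_config(web_xml):
    """Return (auth_method, realm_name, requires_tls); TLS check is document-wide."""
    text = {}
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) in ("auth-method", "realm-name", "transport-guarantee"):
            text.setdefault(local(el.tag), (el.text or "").strip())
    return (text.get("auth-method"), text.get("realm-name"),
            text.get("transport-guarantee") == "CONFIDENTIAL")

def audit(apps):
    """Group BASIC-auth apps by realm name; list those not forcing HTTPS."""
    realms, cleartext = defaultdict(list), []
    for name, xml in sorted(apps.items()):
        method, realm, tls = read_login_config(xml)
        if method == "BASIC":
            realms[realm].append(name)
            if not tls:
                cleartext.append(name)
    return dict(realms), cleartext

if __name__ == "__main__":
    realms, cleartext = audit(SAMPLE_WEB_XML)
    print("apps per realm (one prompt each):", realms)
    print("BASIC without CONFIDENTIAL transport:", cleartext)
```

On a real server the dictionary would be filled by reading each application's WEB-INF/web.xml instead of the inline strings.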