Most Web systems have permission requirements. The overall authentication process was covered earlier; this section describes how to configure permissions for Web resources in Tomcat. Let's take Tomcat's default authentication mode, BASIC, and the default realm, UserDatabaseRealm, as an example and see how the whole configuration is done.
First, configure the server.xml file: define a data source named UserDatabase and bind its storage file to conf/tomcat-users.xml. Then reference the data source named UserDatabase in the Realm node; here the Realm is shared at the Engine container level.
<Server>
...
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="User database that can be updated and saved"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users.xml"/>
</GlobalNamingResources>
...
<Engine>
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       resourceName="UserDatabase"/>
</Engine>
...
</Server>
Next, configure the tomcat-users.xml file: define a role called tomcatRole, then define a user named tomcat with the password tomcat and give it the tomcatRole role.
<tomcat-users>
<role rolename="tomcatRole"/>
<user username="tomcat" password="tomcat" roles="tomcatRole"/>
</tomcat-users>
Finally, configure the web.xml file so that resources under the Web application's security directory require the tomcatRole role to be accessed, and set the authentication mode to BASIC.
<security-constraint>
<web-resource-collection>
<web-resource-name>security resource</web-resource-name>
<url-pattern>/security/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcatRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>tomcat Manager application</realm-name>
</login-config>
With all of the above configuration in place, permission-based authentication is implemented: when a user accesses a resource under /security/*, the browser pops up a user name and password prompt, and the user can access the resource only after entering them. In addition, the Realm and the authentication mode can be set to other types as the situation requires.
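A configuration check for the files above, as an added example that is not part of the original page or of Tomcat: it parses the tomcat-users.xml and web.xml fragments and reports a password equal to the user name, a constrained role that no user holds (role names are matched case-sensitively), and BASIC authentication without a CONFIDENTIAL transport guarantee. The audit function and its finding strings are this example's own, and the fragments are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# The page's tomcat-users.xml and web.xml fragments, embedded so the check runs offline.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="tomcatRole"/>
  <user username="tomcat" password="tomcat" roles="tomcatRole"/>
</tomcat-users>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>security resource</web-resource-name>
      <url-pattern>/security/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>tomcatRole</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>tomcat Manager application</realm-name>
  </login-config>
</web-app>"""


def audit(users_xml, web_xml):
    """Return findings; assumes un-namespaced XML as in the page's fragments."""
    findings = []
    users, web = ET.fromstring(users_xml), ET.fromstring(web_xml)
    granted = set()  # roles actually held by at least one user
    for u in users.iter("user"):
        granted.update(r.strip() for r in u.get("roles", "").split(",") if r.strip())
        if u.get("password") == u.get("username"):
            findings.append(f"user '{u.get('username')}': password equals username")
    basic = (web.findtext("login-config/auth-method") or "").strip().upper() == "BASIC"
    for sc in web.iter("security-constraint"):
        patterns = ",".join(p.text.strip() for p in sc.iter("url-pattern"))
        for rn in sc.iter("role-name"):
            role = rn.text.strip()
            # Exact, case-sensitive match: 'tomcatrole' does not satisfy 'tomcatRole'.
            if role not in ("*", "**") and role not in granted:
                findings.append(f"{patterns}: role '{role}' is held by no user")
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if basic and tg != "CONFIDENTIAL":
            findings.append(f"{patterns}: BASIC without transport-guarantee CONFIDENTIAL")
    return findings


if __name__ == "__main__":
    for finding in audit(TOMCAT_USERS, WEB_XML):
        print(finding)
```

BASIC sends the user name and password only Base64-encoded on every request, which is why the check expects the constraint to require TLS.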
How to make your Web eligible for authorization