Posted to users@tomcat.apache.org by Bill Ross <ro...@cgl.ucsf.EDU> on 2015/10/05 21:21:22 UTC

configuring login for static content and Servlets

Is it possible to set up a site so that you have to log in to access the site at all, either the static content or the servlet interface? I have in mind 10-100 users. It seems a simple setup like .htaccess (httpd only?) would be perfect if it existed and covered static and servlet. Is this doable in Tomcat? I have been struggling to get it working in Jetty, but it doesn't seem well-supported there.

Thanks,
Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: configuring login for static content and Servlets

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Bill Ross [mailto:ross@cgl.ucsf.EDU] 
> Subject: configuring login for static content and Servlets

> Is it possible to set up a site so that you have to log in to access the site at all, 
> either the static content or the servlet interface?

Read the "Specifying Security Constraints" section of the servlet spec (13.8 in the current version) to see how to protect all resources in a webapp.  If you want to protect all webapps, you can put the config statements in Tomcat's conf/web.xml file, and they will be automatically included in each webapp.

 - Chuck 




Re: configuring login for static content and Servlets

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Bill,

On 10/5/15 3:21 PM, Bill Ross wrote:
> Is it possible to set up a site so that you have to log in to
> access the site at all, either the static content or the servlet
> interface? I have in mind 10-100 users. It seems a simple setup
> like .htaccess (httpd only?) would be perfect if it existed and
> covered static and servlet. Is this doable in Tomcat? I have been
> struggling to get it working in Jetty, but it doesn't seem
> well-supported there.

Adding to Chuck's reply: if you don't want to set up anything more
complicated than ".htaccess" authentication (I think you mean
htpasswd, right?), then what you are looking for is a "UserDatabase"
resource paired with a "UserDatabaseRealm".

If you look at the stock conf/server.xml that ships with Tomcat (8),
you'll see that both of those exist and are configured already by
default. You just need to modify tomcat-users.xml (also included, with
examples which are all commented-out) to define your users.

For reference:

Configuring the Resource (where the data comes from):
http://tomcat.apache.org/tomcat-8.0-doc/jndi-resources-howto.html#UserDatabase_Resources

Configuring the Realm (where the authentication happens):
http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html#UserDatabaseRealm

-chris
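
Added example, not part of the original thread or of Tomcat's shipped files: the two replies combined into one configuration, with a security constraint covering every URL of the webapp and a matching user in tomcat-users.xml for the stock UserDatabaseRealm. The role name `siteuser`, the user `alice`, the realm name and the password placeholder are assumptions, and the CONFIDENTIAL transport guarantee assumes an HTTPS connector is configured.

```xml
<!-- Fragment 1: inside <web-app> in the webapp's WEB-INF/web.xml
     (or in Tomcat's conf/web.xml to apply it to every webapp). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire site</web-resource-name>
    <!-- /* matches static files served by the default servlet
         as well as every mapped servlet. -->
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> elements: the constraint applies to all
         methods. Listing only GET and POST would leave the other
         methods unprotected. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Assumed role name; must match tomcat-users.xml below. -->
    <role-name>siteuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends the password base64-encoded on every request,
         so require TLS (assumes an HTTPS connector exists). -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <!-- Browser-native prompt, the closest match to .htaccess. -->
  <auth-method>BASIC</auth-method>
  <realm-name>Private site</realm-name>
</login-config>

<security-role>
  <role-name>siteuser</role-name>
</security-role>

<!-- Fragment 2: conf/tomcat-users.xml, read by the UserDatabase
     resource that the stock conf/server.xml already defines. -->
<tomcat-users>
  <role rolename="siteuser"/>
  <!-- Constructed sample user; replace the placeholder password. -->
  <user username="alice" password="REPLACE_WITH_PASSWORD" roles="siteuser"/>
</tomcat-users>
```

Passwords in tomcat-users.xml are stored in clear text unless a digest is configured on the Realm, so restrict read access to that file to the account Tomcat runs as.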
