I'm trying to protect a resource in Tomcat so that only "valid users" (those with a valid login and password in the realm) can access it. They do not necessarily belong to a
There are several realm implementations in Tomcat - memory, database, JAAS and more. The easiest one to configure (though not the most secure) is the memory one, which contains a single XML file, usually under conf/tomcat-users.xml:
The realm configuration is under the context, host or engine configurations, like this:
Then, in the web.xml you put the following definition:
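<security-constraint>
  <web-resource-collection>
    <web-resource-name>MRC Customer Care</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>role1</role-name></auth-constraint>
</security-constraint>
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>YOUR REALM NAME</realm-name>
</login-config>
<security-role>
  <description>The role that is required to access the application. Should be one from the realm (the tomcat-users.xml file).</description>
  <role-name>role1</role-name>
</security-role>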
The web.xml part is taken (with a slight change) from one of our web apps.
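The answer notes that the role named in web.xml should be one from the realm file. The check below is an added example, not part of the original answer or of Tomcat itself: it reads a web.xml and a tomcat-users.xml and reports which users can satisfy each auth-constraint. The sample files, user names, password placeholder and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from the original post); users and password are placeholders.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>MRC Customer Care</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

USERS_XML = """<tomcat-users>
  <role rolename="role1"/>
  <user username="alice" password="CHANGE_ME" roles="role1"/>
  <user username="bob" password="CHANGE_ME" roles="other"/>
</tomcat-users>"""

def local(tag):  # drop an XML namespace prefix such as {http://...}role-name
    return tag.rsplit("}", 1)[-1]

def required_roles(web_xml):
    """Roles named inside <auth-constraint> elements of web.xml."""
    roles = set()
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "auth-constraint":
            roles |= {r.text.strip() for r in el.iter() if local(r.tag) == "role-name" and r.text}
    return roles

def realm_roles(users_xml):
    """Map each role granted in tomcat-users.xml to the users holding it."""
    holders = {}
    for el in ET.fromstring(users_xml).iter():
        if local(el.tag) == "user":
            for role in el.get("roles", "").split(","):
                if role.strip():
                    holders.setdefault(role.strip(), set()).add(el.get("username"))
    return holders

def check(web_xml, users_xml):
    """Return {role: users}; an empty set means nobody can pass that constraint."""
    holders = realm_roles(users_xml)
    return {role: holders.get(role, set()) for role in required_roles(web_xml)}

if __name__ == "__main__":
    for role, users in check(WEB_XML, USERS_XML).items():
        print(role, "->", sorted(users) or "NO USER HAS THIS ROLE")
```

A role that maps to an empty set means the protected URL pattern rejects every user in the realm, which usually points to a typo in either file.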