Tomcat basic auth

Question

I\'ve got an existing WAR file that is not developed by me. I deploy the application to the Tomcat server and after that it is accessible for everybody. Which is not good. I

Answer 1

Just for those too lazy to go and read. Insert these lines into web.xml:

    
        
        
        /*
    
    
        manager
    


    BASIC
    Hudson

It will take roles and passwords from $TOMCAT_HOME/conf/tomcat-users.xml by default (if no other realm is configured in server.xml) and allow only users having role manager.