How do I provide basic http authentication for static tomcat webapps without changing tomcat-users.xml?

Question

I have access to the tomcat manager and can upload war-files. One of these wars is a static web project (zipped html + media files, renamed to *.war). I want add a Web-INF/w

Answer 1

I found a solution here: http://wiki.metawerx.net/wiki/SecuringYourSiteWithContainerManagedSecurity

The page describes how to define your own META-INF/context.xml pointing to your own WEB-INF/users.xml. Unfortunately, the link to the users.xml file has to be absolute, and I do not want to make any assumptions on the OS/filesystem paths in my config files.

Here is my current WEB-INF/web.xml:

    SuperCoolTool
    What an awesome app!

    
        manager
    
    
        keyuser
    

    
        
            
                Entire Application
            
            /*
        
        
            keyuser
            manager
        
    

    
        BASIC
        Evaluation Area
    

 

An matching META-INF/context.xml would look like this: