views:

61

answers:

2

Hello.

I would like to protect a jsp page with a password that needs to be typed.

In apache i can add a password file to .htaccess but I don't know how to do that in apache tomcat.

thanks

+1  A: 

Complete information is here Apache Tomcat 6 Realm Configuration HOWTO.

The easiest way is to use the MemoryRealm to define the user (name, password and role) in tomcat-users.xml and define the resources you want to protect in your application web.xml.

Guido
+2  A: 

So, you basically want to put HTTP BASIC authentication on the particular JSP page? Here's a step by step:

  1. First you need to declare the desired rolename, username and password in /conf/tomcat-users.xml.

    <tomcat-users>
        <role rolename="yourrole"/>
        <user username="yourname" password="yourpass" roles="yourrole" />
    </tomcat-users>
    

    (you can append as many <role> and <user> entries as you want; if there are already existing entries, then you just add them inside <tomcat-users>).

  2. Then you need to declare the desired security constraint on the url-pattern of the JSP file along with a login config of BASIC (which stands for HTTP BASIC authentication).

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>A JSP page</web-resource-name>
            <url-pattern>/page.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>yourrole</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    

    The /page.jsp should match the context-relative URL of the JSP page. The yourrole should be the same as the rolename as definied in /conf/tomcat-users.xml.

Restart the server, open the JSP page in the browser and use yourname and yourpass to login.

BalusC