tags:

views:

61

answers:

2
Q: 

jsp: How can I protect a jsp page with a password ?

Hello.

I would like to protect a jsp page with a password that needs to be typed.

In apache i can add a password file to .htaccess but I don't know how to do that in apache tomcat.

thanks

+1  A: 

Complete information is here Apache Tomcat 6 Realm Configuration HOWTO.

The easiest way is to use the MemoryRealm to define the user (name, password and role) in tomcat-users.xml and define the resources you want to protect in your application web.xml.

Guido  2010-08-23 14:56:50
+2  A: 

So, you basically want to put HTTP BASIC authentication on the particular JSP page? Here's a step by step:

  1. First you need to declare the desired rolename, username and password in /conf/tomcat-users.xml.

    <tomcat-users>
    <role rolename="yourrole"/>
    <user username="yourname" password="yourpass" roles="yourrole" />
</tomcat-users>

    (you can append as many <role> and <user> entries as you want; if there are already existing entries, then you just add them inside <tomcat-users>).

  2. Then you need to declare the desired security constraint on the url-pattern of the JSP file along with a login config of BASIC (which stands for HTTP BASIC authentication).

    <security-constraint>
    <web-resource-collection>
        <web-resource-name>A JSP page</web-resource-name>
        <url-pattern>/page.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>yourrole</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

    The /page.jsp should match the context-relative URL of the JSP page. The yourrole should be the same as the rolename as definied in /conf/tomcat-users.xml.

Restart the server, open the JSP page in the browser and use yourname and yourpass to login.

BalusC  2010-08-23 15:29:01

related questions

JSTL/JSP EL (Expression Language) in a non JSP (standalone) context
How do you get an embedded Jetty webserver to dump its interim Java code for JSPs
Usable JSP/Servlet Hosting
Web Scripting for Java
How do i pass an object to a JSP tag
Formatting a long timestamp into a Date with JSTL
In JSTL/JSP, given a java.util.Date, how do I find the next day?
struts2: how to substring in jsp?
How do I get rid of "Cannot resolve property key" in fmt:message tags in JSPs in Intellij
Can I submit a Struts form that references POJO (i.e. not just String or boolean) fields?
How do I HTML Encode all the output in a web application?
How can I replace newline characters using JSP and JSTL?
Embedded custom-tag in dynamic content (nested tag) not rendering.
Importing JavaScript in JSP tags
Free JSP plugin for eclipse?
Which jstl url should I reference in my jsps?
Mixing jsp and jsf
What is the best way to migrate an existing messy webapp to elegant MVC?
How can I set the welcome page to a struts action?
jsp debugging in intellij idea
Problems while submitting a UTF-8 form textarea with JQuery/AJAX
Should I be doing JSPX instead of JSP?
What Web Application Framework for Java is Recommended?
How can I refactor HTML markup out of my property files?
Arrays of Arrays in Java