Browser Authentication in Tomcat Server
If our application is still in the development phase and we want to deploy it for testing, we need to put some authentication in front of the web application so that only the testing team can access it. With browser authentication in place, an unauthorized user cannot access the application (not even the home page).
Steps for creating browser authentication:
1. Create a user in the Tomcat server.
To create a user, we need to specify the username, password and role in the tomcat-users.xml file. The file is located at */conf/tomcat-users.xml.
Example:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <user username="manager" password="m@n@g3r" roles="manager"/>
  <user username="admin" password="admin_1234" roles="manager"/>
</tomcat-users>
2. Put the authentication entry in web.xml (either the application's web.xml or the server's web.xml).
Add the following code inside the <web-app> tag in the web.xml file.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Rentokil Web App</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Rentokil Web App</realm-name>
</login-config>
When we access the application, a prompt appears asking for a username and password. If we enter the correct password, we are taken to the application. If we click the Cancel button, an error message is shown on a blank white page.
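BASIC authentication sends the username and password base64-encoded, not encrypted, on every request, so with transport-guarantee set to NONE as in step 2 they cross the network in readable form. The following Python check is an added example, not part of the original post; its function names and the trimmed sample web.xml are constructed for illustration, and it flags login-protected URL patterns that do not require TLS.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web.xml entries from step 2 inside a <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def local(tag):
    """Drop an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def texts(node, name):
    """Text of every descendant element called `name`, trimmed."""
    return [(e.text or "").strip() for e in node.iter() if local(e.tag) == name]


def audit_web_xml(xml_text):
    """Return findings for login-protected URL patterns that do not require TLS."""
    root = ET.fromstring(xml_text)
    methods = {m.upper() for m in texts(root, "auth-method")}
    if not methods & {"BASIC", "FORM"}:
        return []  # only methods that send the password itself are checked
    findings = []
    for sc in root.iter():
        if local(sc.tag) != "security-constraint":
            continue
        if not any(local(e.tag) == "auth-constraint" for e in sc.iter()):
            continue  # this constraint does not require a login
        guarantees = [g.upper() for g in texts(sc, "transport-guarantee")]
        if not guarantees or "NONE" in guarantees:
            patterns = ",".join(texts(sc, "url-pattern"))
            findings.append(f"{patterns}: {'/'.join(sorted(methods))} password sent without TLS")
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print(finding)
```

Setting transport-guarantee to CONFIDENTIAL clears the finding; Tomcat then needs an HTTPS connector configured to serve the application.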