ProblemYou want to create usernames and passwords for authenticating requests for certain web components . SolutionAdd the usernames, passwords, and roles to the tomcat-users .xml file. DiscussionA very easy method of authenticating users with Tomcat involves creating usernames, passwords, and roles in the tomcat-users.xml file. This file is stored in <Tomcat-installation-directory>/conf . Everyone is familiar with usernames and passwords, but what are roles? Roles are logical ways to describe groups of users who have similar responsibilities, such as manager or databaseAdmin . Example 15-1 shows a tomcat-users.xml file that creates two roles and two users with two aptly named XML elements: role and user . Example 15-1. The tomcat-users XML file<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="dbadmin"/> <role rolename="manager"/> <user username="BruceP" password="bwperry" roles="dbadmin,manager"/> <user username="JillH" password="jhayward" roles="manager"/> </tomcat-users> In Example 15-1, the user BruceP is associated with two roles ( dbadmin and manager ), while user JillH is associated only with the manager role. Tomcat uses this file when authenticating users with BASIC and form-based authentication, as described in Recipe 15.3 and Recipe 15.4. See AlsoThe Tomcat documentation and Recipe 15.2 on setting up SSL for use with authentication: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html; Recipe 3.9 on restricting requests for certain servlets; Recipe 15.3 on using BASIC authentication; Recipe 15.4 on using form-based authentication; Recipe 15.5 on logging out a user; Recipe 15.6-Recipe 15.9 on using JAAS. |