Recipe 15.1 Creating Users and Passwords with Tomcat

Problem

You want to create usernames and passwords for authenticating requests for certain web components .

Solution

Add the usernames, passwords, and roles to the tomcat-users .xml file.

Discussion

A very easy method of authenticating users with Tomcat involves creating usernames, passwords, and roles in the tomcat-users.xml file. This file is stored in <Tomcat-installation-directory>/conf .

Everyone is familiar with usernames and passwords, but what are roles? Roles are logical ways to describe groups of users who have similar responsibilities, such as manager or databaseAdmin . Example 15-1 shows a tomcat-users.xml file that creates two roles and two users with two aptly named XML elements: role and user .

Example 15-1. The tomcat-users XML file

 <?xml version='1.0' encoding='utf-8'?> <tomcat-users>   <role rolename="dbadmin"/>   <role rolename="manager"/>   <user username="BruceP" password="bwperry" roles="dbadmin,manager"/>   <user username="JillH" password="jhayward" roles="manager"/> </tomcat-users> 

In Example 15-1, the user BruceP is associated with two roles ( dbadmin and manager ), while user JillH is associated only with the manager role. Tomcat uses this file when authenticating users with BASIC and form-based authentication, as described in Recipe 15.3 and Recipe 15.4.

See Also

The Tomcat documentation and Recipe 15.2 on setting up SSL for use with authentication: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html; Recipe 3.9 on restricting requests for certain servlets; Recipe 15.3 on using BASIC authentication; Recipe 15.4 on using form-based authentication; Recipe 15.5 on logging out a user; Recipe 15.6-Recipe 15.9 on using JAAS.