I have seen many people writing their own Login utilities for web application, which is like re-inventing the wheel. Tomcat supports user authentication feature which is a really useful for web applications. Authentication can be plugged in separately into your web application without changing any code.
To setup tomcat user authentication, you need to do the following steps:
- Create a conf/apps-.xml that contains the following
- Create a conf/users/appname-users.xml that looks like:
- Insert the following in the webapps/appname/WEB-INF/web.xml
user-resource
pages which require login
*.jsp
*.html
GET
POST
Must authenticate before querying the system
rolename
NONE
BASIC
default
Any user of the system
rolename
Note that you will have to ensure the section points to the roles you created the users at, and you may need to add another section if you have, for example, .event files. The default simply authenticates *.jsp and *.html, both for GET and POST.