How to Add User Authentication on Tomcat

I have seen many people writing their own Login utilities for web application, which is like re-inventing the wheel. Tomcat supports user authentication feature which is a really useful for web applications. Authentication can be plugged in separately into your web application without changing any code.
To setup tomcat user authentication, you need to do the following steps:

1. Create a conf/apps-.xml that contains the following
2. Create a conf/users/appname-users.xml that looks like:
3. Insert the following in the webapps/appname/WEB-INF/web.xml

    
      user-resource
      pages which require login
      *.jsp
      *.html
      GET
      POST
    
    
      Must authenticate before querying the system
      rolename
    
    
      NONE
    
  

  
    BASIC
    default
  

  
    Any user of the system
    rolename
  

Note that you will have to ensure the section points to the roles you created the users at, and you may need to add another section if you have, for example, .event files. The default simply authenticates *.jsp and *.html, both for GET and POST.