Ping a Specific Port

Question

Jonik

Asked: 2010-10-19 02:06:13 +0800 CST2010-10-19 02:06:13 +0800 CST 2010-10-19 02:06:13 +0800 CST

Quick way to password-protect Tomcat?

772

I'm looking for a quick way to protect a Tomcat instance and all webapps running on it, so that accessing any page requires credentials (simple username/passwd).

I guess Realm is the "proper" way to do it, but that doesn't seem very simple to set up. We would prefer a way where you don't have to change the webapps themselves at all. Anyone know if there's a "quick and dirty" way to achive that?

3 Answers

Voted

Will Glass · Answer 1 · 2010-10-21T02:14:29+08:00

Will Glass

2010-10-21T02:14:29+08:002010-10-21T02:14:29+08:00

A couple of ideas

(1) If you can modify the web.xml of your webapps, just put in a few lines into the web.xml to require basic authentication. The trick is to make sure that the user has been designated a role in the tomcat-users.xml that matches the role defined in the auth-constraint section of the web.xml:

web.xml:

<auth-constraint>
  <role-name>protected</role-name>
</auth-constraint>

tomcat-users.xml:

<tomcat-users>
  <user name="theuser" password="pas" roles="protected" />
</tomcat-users>

(2) If your Tomcat server has an APache httpd server in front of it, it's pretty easy to do this in Apache. In your configuration file, you'll just need to set up something like this:

<Location /webappname>
        AuthType Basic
        AuthName "Protected site"
        AuthUserFile /etc/apache2/passwords
        Require user theuser
</Location>

5

ckliborn · Answer 2 · 2011-12-17T11:48:07+08:00

ckliborn

2011-12-17T11:48:07+08:002011-12-17T11:48:07+08:00

I'd put Apache in front of Tomcat and have that handle the Authentication

Here are some instructions on how to do that using mod_jk

http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html#s72

Once you have that set up you can use basic Apache Auth or the auth module of your choosing.

4

JoseK · Answer 3 · 2010-10-19T02:35:17+08:00

JoseK

2010-10-19T02:35:17+08:002010-10-19T02:35:17+08:00

Quick and dirty (not recommended for Production) would be a MemoryRealm

MemoryRealm loads information about all users, and their corresponding roles, from $CATALINA_BASE/conf/tomcat-users.xml

Define the Realm within the server.xml inside <Engine> or <Host> and it will apply to all web apps.

1

Quick way to password-protect Tomcat?

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?