You want to use BASIC authentication with web components in a Tomcat web application.
elements in the
deployment descriptor to
protect one or more
BASIC authentication is a security method that has been used with web resources for several years, and all popular browsers support it. This method of authentication involves the transfer of usernames and passwords over a network encoded with the Base64 content-encoding mechanism. Base64 is easy to decode and therefore not very secure. The solution is to combine BASIC authentication with SSL, which will further encrypt the data as it is transferred across the network (see Recipe 15.2).
Here is how setting up BASIC authentication works with web applications that you have installed on Tomcat:
Set up usernames, passwords, and roles in the conf/tomcat-users.xml file described in Recipe 15.1.
When the user requests any of the protected resources, the server sends along a response header that looks like this:
WWW-Authenticate: BASIC Realm="MyRealm"
You are probably familiar with what happens next: the browser displays a standard dialog window requesting the client ...