
Java Servlet & JSP Cookbook by Bruce W. Perry


15.3. Using BASIC Authentication

Problem

You want to use BASIC authentication with web components in a Tomcat web application.

Solution

Use the security-constraint, login-config, and security-role elements in the deployment descriptor to protect one or more URLs.

Discussion

BASIC authentication is a security method that has been used with web resources for several years, and all popular browsers support it. With this method, usernames and passwords travel over the network encoded with the Base64 content-encoding mechanism. Base64 is an encoding, not encryption: it is easy to decode and therefore not very secure. The solution is to combine BASIC authentication with SSL, which encrypts the data as it is transferred across the network (see Recipe 15.2).

Here is how setting up BASIC authentication works with web applications that you have installed on Tomcat:

  1. Set up usernames, passwords, and roles in the conf/tomcat-users.xml file described in Recipe 15.1.

  2. Create a security-constraint element in the deployment descriptor (web.xml), specifying the web resources for which you are requiring authentication.

  3. Include a login-config in web.xml; this element has a nested auth-method element that contains the text "BASIC".

Note

When the user requests any of the protected resources, the server sends along a response header that looks like this:

WWW-Authenticate: BASIC Realm="MyRealm"

You are probably familiar with what happens next: the browser displays a standard dialog window requesting the client ...
