
I have a small application for which I need to implement Tomcat authentication. After digging around the internet, I found out that Realm is the solution. I also figured out how to configure my tomcat-users.xml, server.xml and web.xml, but it is still not working.

I added this code in my web.xml

<security-constraint>
    <web-resource-collection>
    <web-resource-name>hp</web-resource-name>
    <url-pattern>/pages/bill.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>Admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
     <auth-method>BASIC</auth-method>>
     <realm-name>default</realm-name>>
 </login-config>

At login-config, I am getting: Element 'login-config' cannot have character [children], because the type's content type is element-only. What can be the issue?

BillHaggerty
unbesiegbar

3 Answers


Your XML is invalid - you have two ">" chars

Correct the end of the data from

<login-config>
     <auth-method>BASIC</auth-method>>
     <realm-name>default</realm-name>>
 </login-config>

to

<login-config>
     <auth-method>BASIC</auth-method>
     <realm-name>default</realm-name>
 </login-config>

I'm not sure what error Tomcat will give for your invalid XML, but it certainly won't work as it is.

AntonPiatek

This question has probably been answered somewhere else on this very website. But here is some help.

  1. Don't use BASIC (nor DIGEST) authentication, use FORM authentication. This is why: How to force Jetty to ask for credentials with BASIC authentication after invalidating the session?

  2. You probably want to start with (Form authentication &) Memory Realm first (that is, having users & roles defined in tomcat-users.xml), then maybe have a go with JDBC realm, & finally DatasourceRealm.

Read Tomcat documentation to have an idea of how this jazz works.

I wrote some notes about this subject (authentication methods & realms), have a look, should be easier than following tomcat documentation. https://sites.google.com/site/adrienitnotes/java/web-apps-login-system-in-tomcat-container

  • Warning: You will prob start with memory realm, be careful when running Tomcat within Eclipse (issue with tomcat-users.xml config changes):

When you create a new server, a set of configuration files is imported (copied) from your Tomcat installation into a corresponding folder under the Servers project in your workspace. Sometimes this file is not updated by Eclipse, hence your changes are ignored.

Solution 1: It is recommended to run this type of application by deploying the .war file in Tomcat manually (to run Tomcat outside Eclipse).

Solution 2: Modifying \Servers\Tomcat v7.0 Server at localhost-config\tomcat-users.xml with the relevant changes may fix this.

Adriano

I happened to stumble on this old question. You have probably solved the problem a long time ago, but I thought I could provide an answer anyway.

You have extra > characters after </auth-method> and </realm-name>. Removing those should solve the problem.

Jens Borgland
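
A pre-deployment check for the error discussed in the answers above, as an added example that is not part of the original thread: it uses Python's standard expat parser to report non-whitespace text sitting directly inside an element that also has child elements, which is what the stray `>` characters become. The function name `find_stray_text` and the `<web-app>` wrapper around the question's snippet are assumptions made for illustration.

```python
import xml.parsers.expat

# Constructed sample: the <login-config> from the question, wrapped in a
# minimal <web-app> root (an assumption) so it parses as a whole document.
SAMPLE_WEB_XML = """<web-app>
  <login-config>
     <auth-method>BASIC</auth-method>>
     <realm-name>default</realm-name>>
  </login-config>
</web-app>
"""


def find_stray_text(xml_text):
    """Return (line, parent_element, text) for each run of non-whitespace
    character data found directly inside an element that also has child
    elements, i.e. a container such as login-config."""
    parser = xml.parsers.expat.ParserCreate()
    stack = []      # one frame per currently open element
    findings = []

    def start(name, attrs):
        if stack:
            stack[-1]["has_child"] = True
        stack.append({"name": name, "has_child": False, "text": []})

    def chardata(data):
        # Whitespace between tags is normal indentation; ignore it.
        if stack and data.strip():
            stack[-1]["text"].append((parser.CurrentLineNumber, data.strip()))

    def end(name):
        frame = stack.pop()
        # Leaf elements (auth-method, url-pattern, ...) legitimately hold text.
        if frame["has_child"]:
            findings.extend((ln, frame["name"], txt) for ln, txt in frame["text"])

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chardata
    parser.EndElementHandler = end
    parser.Parse(xml_text, True)
    return findings


if __name__ == "__main__":
    for line, parent, text in find_stray_text(SAMPLE_WEB_XML):
        print(f"line {line}: stray text {text!r} directly inside <{parent}>")
```

This is a heuristic, not validation against the web.xml schema: it flags mixed content only and does not check element names or ordering.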