I have seen many people writing their own Login utilities for web application, which is like re-inventing the wheel. Tomcat supports user authentication feature which is a really useful for web applications. Authentication can be plugged in separately into your web application without changing any code.
To setup tomcat user authentication, you need to do the following steps:
- Create a conf/apps-.xml that contains the following
- Create a conf/users/appname-users.xml that looks like:
- Insert the following in the webapps/appname/WEB-INF/web.xml
user-resource pages which require login *.jsp *.html GET POST Must authenticate before querying the system rolename NONE BASIC default Any user of the system rolename
Note that you will have to ensure the section points to the roles you created the users at, and you may need to add another section if you have, for example, .event files. The default simply authenticates *.jsp and *.html, both for GET and POST.