I have a small application for which I need to implement Tomcat authentication. After digging around the internet, I found out Realm is the solution. I also figured out how to configure my tomcat-users.xml, server.xml and web.xml.
But it is still not working.
I added this code in my web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>hp</web-resource-name>
        <url-pattern>/pages/bill.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>>
    <realm-name>default</realm-name>>
</login-config>
At login-config, I am getting: Element ‘login-config’ cannot have character [children], because the type’s content type is element-only.
What can be the issue?
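The error quoted in the question is what a schema validator reports when text sits directly inside an element that may only contain other elements; in the posted snippet the extra `>` after `</auth-method>` and `</realm-name>` is such text. The check below is an added example, not part of the original post: it scans a descriptor for this kind of stray character data. The `<web-app>` wrapper and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# The descriptor from the question, wrapped in a <web-app> root so it parses
# on its own (the wrapper is constructed for this example).
QUESTION_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>hp</web-resource-name>
      <url-pattern>/pages/bill.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>>
    <realm-name>default</realm-name>>
  </login-config>
</web-app>"""


def local_name(tag):
    """Strip a '{namespace}' prefix so namespaced descriptors work too."""
    return tag.rsplit("}", 1)[-1]


def find_stray_text(xml_text):
    """Return (parent, after, text) for character data found between the
    child elements of a container element, which an element-only type
    such as login-config does not allow."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        children = list(parent)
        if not children:
            continue  # leaf elements such as <role-name> legitimately hold text
        if parent.text and parent.text.strip():
            findings.append((local_name(parent.tag), None, parent.text.strip()))
        for child in children:
            if child.tail and child.tail.strip():
                findings.append(
                    (local_name(parent.tag), local_name(child.tag), child.tail.strip())
                )
    return findings


if __name__ == "__main__":
    for parent, after, text in find_stray_text(QUESTION_WEB_XML):
        where = f"after </{after}>" if after else "at start"
        print(f"<{parent}>: stray text {text!r} {where}")
```

A lone `>` is legal XML character data, so the file stays well-formed and only schema validation complains; removing the two extra characters leaves `login-config` with element children only.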
This question has probably been answered somewhere else on this very website. But here is some help.
Don’t use BASIC (nor DIGEST) authentication, use FORM authentication. This is why: How to force Jetty to ask for credentials with BASIC authentication after invalidating the session?
You probably want to start with (Form authentication &) Memory Realm first (that is, having users & roles defined in tomcat-users.xml), then maybe have a go with JDBC realm, & finally DatasourceRealm.
Read Tomcat documentation to have an idea of how this jazz works.
I wrote some notes about this subject (authentication methods & realms), have a look, should be easier than following tomcat documentation. https://sites.google.com/site/adrienitnotes/java/web-apps-login-system-in-tomcat-container
When you create a new server, a set of configuration files is imported (copied) from your Tomcat installation into a corresponding folder under the Servers project in your workspace. Sometimes this file is not updated by Eclipse, hence your changes are ignored.
Solution 1: It is recommended to run this type of application by deploying the .war file in Tomcat manually (to run Tomcat outside Eclipse).
Solution 2: modifying \Servers\Tomcat v7.0 Server at localhost-config\tomcat-users.xml with the relevant changes may fix this.