Home/ Questions/Q 1017625
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T10:44:00+00:00

I would like to protect a jsp page with a password that needs to

  • 0

I would like to protect a jsp page with a password that needs to be typed.

In apache i can add a password file to .htaccess but I don’t know how to do that in apache tomcat.

thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So, you basically want to put HTTP BASIC authentication on the particular JSP page? Here’s a step by step:

    1. First you need to declare the desired rolename, username and password in /conf/tomcat-users.xml.

      <tomcat-users>
    <role rolename="yourrole"/>
    <user username="yourname" password="yourpass" roles="yourrole" />
</tomcat-users>

      (you can append as many <role> and <user> entries as you want; if there are already existing entries, then you just add them inside <tomcat-users>).

    2. Then you need to declare the desired security constraint on the url-pattern of the JSP file along with a login config of BASIC (which stands for HTTP BASIC authentication).

      <security-constraint>
    <web-resource-collection>
        <web-resource-name>A JSP page</web-resource-name>
        <url-pattern>/page.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>yourrole</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

      The /page.jsp should match the context-relative URL of the JSP page. The yourrole should be the same as the rolename as definied in /conf/tomcat-users.xml.

    Restart the server, open the JSP page in the browser and use yourname and yourpass to login.

    • 0