Skip to Content

Everytime asked yourself what to do in order to use a basic password pop up as authentication mechanism instead of a form based login (which uses the HTML logon page)? This is how your web.xml file has to look like. (In addition, do not forget to use security constraints on all HTTP methods in the web.xml, as also a security role.)

<login-config>

  <auth-method>BASIC</auth-method>

  <realm-name>Put here the name, which appears as header in the basic password pop up</realm-name>

</login-config>

<security-constraint>

  <display-name>Authenticated users only</display-name>

  <web-resource-collection>

    <web-resource-name>root</web-resource-name>

    <url-pattern>/*</url-pattern>

    <http-method>GET</http-method>

    <http-method>POST</http-method>

    <http-method>TRACE</http-method>

    <http-method>DELETE</http-method>

    <http-method>CONNECT</http-method>

    <http-method>PUT</http-method>

    <http-method>HEAD</http-method>

    <http-method>OPTIONS</http-method>

  </web-resource-collection>

  <auth-constraint>

    <description>all</description>

    <role-name>all</role-name>

  </auth-constraint>

  <user-data-constraint>

    <transport-guarantee>NONE</transport-guarantee>

  </user-data-constraint>

</security-constraint>

<security-role>

  <role-name>all</role-name>

</security-role>

In addidion, add a security role mapping to your web-j2ee-engine.xml.

<security-role-map>

  <role-name>all</role-name>

  <server-role-name>all</server-role-name>

</security-role-map>

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply