I'm trying to secure my web application in Tomcat with web.xml and tomcat-users.xml, but it's not working. I'm getting a 401 error with the correct login and password.

My web.xml security part:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Web Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>myuser</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>myuser</role-name>
</security-role>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

My tomcat-users.xml:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">

    <role rolename="myuser"/>
    <role username="myuser" password="myuser" role="myuser"/>

</tomcat-users>

1 Answer

I think it's missing the http-methods, so you can try adding this:

<http-method>GET</http-method>
<http-method>POST</http-method>

after the <url-pattern>/*</url-pattern> tag

UPDATE

Update your tomcat-users.xml file, change this:

<role username="myuser" password="myuser" role="myuser"/>

to this:

<user username="myuser" password="myuser" roles="myuser"/>

3 Comments

I already tried to do it, the result is the same. Only one change in logs: For security constraints with URL pattern [/*] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
Try to update your tomcat-users.xml file, check the update entry
great! I'm glad I helped
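
A configuration check for the two problems that come up in this thread, as an added example that is not part of the original posts: a constraint that lists http-method elements leaves every other method uncovered (the log line quoted in the first comment), and credentials placed on a role element never create a user. The names `lint` and `local` are hypothetical, the XML samples are constructed from the question's files, and the check assumes roles are granted only through the `roles` attribute of a user element (it ignores `groups`).

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the files in the question (not from a real server).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Web Application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>myuser</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="myuser"/>
  <role username="myuser" password="myuser" role="myuser"/>
</tomcat-users>"""

def local(tag):
    """Strip an XML namespace so namespaced and plain files are handled alike."""
    return tag.rsplit("}", 1)[-1]

def lint(web_xml, users_xml):
    """Return a list of findings for a web.xml / tomcat-users.xml pair."""
    findings, required, granted = [], set(), set()
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "auth-constraint":
            required |= {r.text.strip() for r in el
                         if local(r.tag) == "role-name" and r.text}
        elif local(el.tag) == "web-resource-collection":
            methods = [(m.text or "").strip() for m in el
                       if local(m.tag) == "http-method"]
            if methods:  # listing methods leaves every other method unprotected
                findings.append("constraint covers only %s; other methods are "
                                "uncovered" % " ".join(methods))
    for el in ET.fromstring(users_xml).iter():
        if local(el.tag) == "role" and "username" in el.attrib:
            findings.append("<role> carries a username; credentials belong on <user>")
        elif local(el.tag) == "user":
            if "roles" not in el.attrib:
                findings.append("user %r has no 'roles' attribute" % el.get("username"))
            granted |= {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
    for role in sorted(required - granted):
        findings.append("no user is granted required role %r" % role)
    return findings
```
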