Tomcat Basic Authentication for 1 Webapp only

I have Apache Tomcat 8 running on a Windows server and have multiple webapps deployed inside it.

I am trying to add basic auth to just 1 webapp, so users can continue to use the other apps without having to authenticate against Tomcat, but they will need to authenticate against Tomcat just for this one application.

Is anyone able to help me out here? I’m somewhat of a newbie when it comes to Tomcat config!

The following configuration works, however, this enforces basic auth on all webapps, not just the one I want.

web.xml updates:

  <security-role>
    <role-name>role1</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>role1</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

In tomcat-users.xml a single user is configured with role="role1".

I have tried to change the url-pattern to the following:

<url-pattern>/my-account/*</url-pattern>

However, Tomcat now doesn’t ask for authentication at all here. Basic auth is disabled and no applications require authentication.
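Added example, not part of the original post: Tomcat merges the global conf/web.xml into every deployed webapp, and a `<url-pattern>` is matched relative to each app's own context path, so a constraint meant for one app belongs in that app's own WEB-INF/web.xml. The sketch below assumes the constraint in the question was added to conf/web.xml and that the app to protect is deployed as webapps/my-account; the resource name and realm name are illustrative.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: webapps/my-account/WEB-INF/web.xml (the one app to protect).
     conf/web.xml carries no security-constraint, so the other apps stay open. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <security-constraint>
    <web-resource-collection>
      <!-- Illustrative name -->
      <web-resource-name>Entire application</web-resource-name>
      <!-- Relative to this app's context path: /* here is /my-account/* on the server -->
      <url-pattern>/*</url-pattern>
      <!-- No http-method elements, so the constraint covers every HTTP method -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>role1</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Basic auth sends the password base64-encoded on every request; require TLS.
           Assumes an HTTPS connector is configured in server.xml. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <!-- Illustrative realm name shown in the browser prompt -->
    <realm-name>my-account</realm-name>
  </login-config>

  <security-role>
    <role-name>role1</role-name>
  </security-role>
</web-app>
```

If the app already ships a web.xml, merge these three elements into it rather than replacing the file. After a redeploy, an HTTPS request to /my-account/ without credentials should return 401 with a `WWW-Authenticate: Basic` header, while the other apps respond as before.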
