
With Basic authentication, when you request a protected URL in your web application while unauthenticated, the browser shows a popup window asking for a username and password, and it sends what you enter to Tomcat in the Authorization request header. Tomcat checks that the submitted username and password match a user entry in tomcat-users.xml, and then checks that the roles assigned to that user in tomcat-users.xml include at least one of the roles that are allowed to access the requested resource, which you specify in a security-constraint in your web.xml file. If both checks succeed (username, password and role all match), the user is granted access to the resource; otherwise Tomcat returns a 401 and the browser prompts again.

The browser Base64-encodes the name and password before sending them, so they do not appear as literal text in the request. Do not mistake this for protection: Base64 is encoding, not encryption, it uses no key, and anyone who can see the request can decode it in a fraction of a second, as we will show later in this tutorial. Over plain HTTP, your name and password can therefore be recovered by anyone monitoring the network, with or without the encoding. I recommend using HTTP with SSL (HTTPS) whenever you do any kind of authentication with your web application, so that the whole request, including the Authorization header, is encrypted in transit.

Setting up your web application to do Basic authentication with Tomcat is quite easy. Our tomcat-users.xml file is shown below.
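To make the two points above concrete, here is an added example (not code from the original tutorial or from Tomcat itself) that shows how easily a Basic Authorization header is decoded and how the tomcat-users.xml / web.xml role check works. The tomcat-users.xml contents, the usernames, passwords and role names, and the captured HTTP request are all constructed for this example; the role check is a simplified model of what Tomcat's realm does, not Tomcat's own code.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml (not the tutorial's real file).
TOMCAT_USERS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="member"/>
  <user username="alice" password="s3cret" roles="manager,member"/>
  <user username="bob" password="hunter2" roles="member"/>
</tomcat-users>
"""

# Constructed plaintext HTTP request, as a sniffer on port 8080 would see it
# after the browser's Basic-auth popup was filled in with alice / s3cret.
CAPTURED_REQUEST = (
    "GET /myapp/admin/index.jsp HTTP/1.1\r\n"
    "Host: localhost:8080\r\n"
    "Authorization: Basic YWxpY2U6czNjcmV0\r\n"
    "\r\n"
)


def build_basic_header(username: str, password: str) -> str:
    """What the browser puts in the Authorization header: Base64 of 'user:pass'."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def extract_basic_credentials(raw_request: str):
    """Recover (username, password) from a captured request, or None if absent.

    This is the whole 'attack' against Base64: find the header, decode it,
    split on the first colon (RFC 7617 forbids colons in the username, but
    the password may contain them).
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            scheme, _, token = value.strip().partition(" ")
            if scheme.lower() != "basic":
                return None
            try:
                decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                return None
            user, sep, pwd = decoded.partition(":")
            return (user, pwd) if sep else None
    return None


def load_tomcat_users(xml_text: str) -> dict:
    """Parse tomcat-users.xml into {username: (password, {roles})}."""
    users = {}
    for u in ET.fromstring(xml_text).iter("user"):
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        users[u.get("username")] = (u.get("password"), roles)
    return users


def authorize(users: dict, username: str, password: str, allowed_roles: set) -> bool:
    """Simplified model of Tomcat's check: credentials must match a user entry,
    and that user must hold at least one role named in the web.xml
    security-constraint (allowed_roles)."""
    entry = users.get(username)
    if entry is None or entry[0] != password:
        return False
    return bool(entry[1] & allowed_roles)


if __name__ == "__main__":
    creds = extract_basic_credentials(CAPTURED_REQUEST)
    print("sniffed credentials:", creds)
    users = load_tomcat_users(TOMCAT_USERS_XML)
    # web.xml security-constraint for /admin/* allows only the 'manager' role
    print("alice -> /admin/*:", authorize(users, *creds, {"manager"}))
    print("bob   -> /admin/*:", authorize(users, "bob", "hunter2", {"manager"}))
```

Run it and the "sniffed credentials" line prints the cleartext username and password straight out of the captured header, which is exactly why the tutorial recommends HTTPS for any authenticated application: TLS hides the whole Authorization header from the network, whereas Base64 hides nothing. The authorize() calls show the second half of the check, bob is a valid user but lacks the manager role, so he is denied the admin resource even though his password is correct.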
