-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Bill,
On 10/5/15 3:21 PM, Bill Ross wrote: > Is it possible to set up a site so that you have to log in to > access the site at all, either the static content or the servlet > interface? I have in mind 10-100 users. It seems a simple setup > like .htaccess (httpd only?) would be perfect if it existed and > covered static and servlet. Is this doable in Tomcat? I have been > struggling to get it working in Jetty, but it doesn't seem > well-supported there. Adding to Chuck's reply: if you don't want to set up anything more complicated than ".htaccess" authentication (I think you mean httpasswd, right?), then what you are looking for is a "UserDatabase" resource paired with a "UserDatabaseRealm". If you look at the stock conf/server.xml that ships with Tomcat (8), you'll see that both of those exist and are configured already by default. You just need to modify tomcat-users.xml (also included, with examples which are all commented-out) to define your users. For reference: Configuring the Resource (where the data comes from): http://tomcat.apache.org/tomcat-8.0-doc/jndi-resources-howto.html#UserDa tabase_Resources Configuring the Realm (where the authentication happens): http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html#UserDatabaseRea lm - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWEyGkAAoJEBzwKT+lPKRYJUEQAMC/2HKmaihmxPmhag7UD/BY 3dTfzbUSKHDtGHv30eiwqyNkPVxZQZPUVskgIDaP7yKX0yv1jLagChjPJ3+Ik2xB huNjC9e8yN43wvdvi4CEhgDClRO1+oCyIAcu97YmVg6y5CGosz2vLXqexdbeh/vv he3WWXwGuAWSeS4ua/dEwmd7jayQIpYJqsESA/HVsNxLkRrh9xVccuV6giOaaFUs Zsw7HGkUnA7aI2MbvjoobqQD8vlazlSpF1juaqalIk+MlEHdQ0/zRXvGInw3VpbQ ozlhiA80SCsPbaZDTylkM34a9o9qttHO2wU/8+HQ6qeEjNet0M/YJpfFUXo8PdE9 oyrIdEv3iMh3ozFKreOOHLxcf2Ib8c77E7HTuvJcVNhxV7wmvO1ide++X/N6KcrL FZezTq7ueDETNLEzGpf2wwDGNfl1gfl8ggZmlm82Hqf3Sl+Znzjo156XfCXdkDvU lASN7ol/v8b8eASi9ePIhYiSRwchQru+5e4c44S8Vo3m833MUxW/6TdgAH0rqN43 YFjuPqAyovIFF2Ge8hf2yV0sxTV2dZ1wRloDsQixyH7T5lb7Yv4uPg7V6c3j9tcY 5xP+29SSsQv3Tn0+oAD/Em9xWsu3dWaCiu2uGCPXMjTGsjOfzYFR/zNlI3pWIFpz jKUE2SvI+HnIL7Anomp1 =IoD+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org