I config my tomcat with the following configuration in the web.xml. So now I secure all webapps in the folder webapps. The user has to authenticate himself, before he can visit the web apps.
<security-constraint>
<web-resource-collection>
<web-resource-name>
My Application
</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>demo123</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Secure Apps</realm-name>
</login-config>
After the user logged in, he can visit the requested web app. My problem: In the web apps the user have to logged in (with Basic authentication), because behind there is a specific server with all server logic. I use REST Webservices to communicate to that server. But I can't call the webservices because it shows me a 401 Unauthorized. If I delete the above configuration in the web.xml, I can call these webservices without problems. Is there a way to secure all webapps in the tomcat another way? I need it because the webapps needs the basic authentication.
For the applications I use spring framework.
我通过更改url模式解决了它。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.