amazon beanstalk tomcat basic authentication

Question

I have an application in java that i have recently migrated to Amazon AWS, Beanstalk with tomcat7 and a MySQL database (RDS).

I want to incorporate the basic Tomcat authentication and I have created the following files under WEB_INF:

web.xml

<security-constraint>
    <display-name>UserConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>UserConstraint</web-resource-name>
        <description/>
        <url-pattern>/text.txt</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>authz-user</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
</login-config>
<security-role>
    <description>Application user role</description>
    <role-name>authz-user</role-name>
</security-role>

users.xml

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
    <role rolename="authz-user"/>
    <user username="name" password="pass" roles="authz-user"/>
</tomcat-users>

WEB-INF/.ebextensions/context.xml

<?xml version='1.0' encoding='utf-8'?>
<Context antiJARLocking="true" path="/APPNAME>
    <WatchedResource>WEB-INF/users.xml</WatchedResource>
</Context>

I get the login request but user/pass is not accepted. I arrived to this from different sources, so I am not sure whether how it should be done in this environment. How can I get the users to be accepted? Is ther another way of creating the users?

Answer 1

Several errors found:

.ebextensions folder must be in the ROOT of the web application.

server-update.config file in this folder must contain:

container_commands:
  replace-config:
     command: "cp .ebextensions/tomcat-users.xml /usr/share/tomcat7/conf/tomcat-users.xml"

users.xml renamed as tomcat-users.xml.

Now it works.