Container Managed Security in tomcat 7
Resources within web application can be secured with declarative syntax in the web.xml. This is the easiest way to implement security layer for your web application. Three steps to add security to your web application Ø prepare deployment descriptor with security elements Ø define roles and user credentials in the conf/tomcat-users.xml (in memory) Ø add realm value in the conf/services.xml Prepare deployment descriptor with security elements There are three direct child elements for <web-app> root element which does this functionality inside the web.xml 1. <security-constraint> 2. <login-config> 3. <security-role> 1. security-constraint : A security constraint is used to define the access privileges to a collection of resources using their URL mapping. The following elements can be part of a security constraint: i. Web-resource-collection : here we need to spe