问题描述

我有一个包含三个webapps的Tomcat 6服务器：一个自定义的服务器，如ROOT，Jenkins和Nexus。

I have a Tomcat 6 server containing three webapps: a custom one as ROOT, Jenkins and Nexus.

我想集中保护所有三个（server.xml） ？）使用BASIC身份验证。

I would like to secure all three centrally (server.xml?) using BASIC authentication.

如何在没有修改或配置Web应用程序的情况下实现

How can I achieve this without modifying or configuring the webapps themselves?

推荐答案

首先，我尝试（未成功）在 conf / context.xml 中包含BasicAuthenticator阀门。这似乎没有任何影响。

First I tried (without success) to include the BasicAuthenticator valve in conf/context.xml. This didn't seem to have any effect.

最后我通过将此代码段添加到 conf / web来实现它（保护所有webapps） .xml ：

Finally I got it to work (secured all webapps) by adding this snippet to conf/web.xml :

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Basic Authentication</web-resource-name>
<!--Here wildcard entry defines authentication is needed for whole app -->
            <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>myrole</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

<security-role>
    <description>My role</description>
    <role-name>myrole</role-name>
</security-role>