Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 
Former Member
0 Kudos

Everytime asked yourself what to do in order to use a basic password pop up as authentication mechanism instead of a form based login (which uses the HTML logon page)? This is how your web.xml file has to look like. (In addition, do not forget to use security constraints on all HTTP methods in the web.xml, as also a security role.)

...

<login-config>

  <auth-method>BASIC</auth-method>

  <realm-name>Put here the name, which appears as header in the basic password pop up</realm-name>

</login-config>

<security-constraint>

  <display-name>Authenticated users only</display-name>

  <web-resource-collection>

    <web-resource-name>root</web-resource-name>

    <url-pattern>/*</url-pattern>

    <http-method>GET</http-method>

    <http-method>POST</http-method>

    <http-method>TRACE</http-method>

    <http-method>DELETE</http-method>

    <http-method>CONNECT</http-method>

    <http-method>PUT</http-method>

    <http-method>HEAD</http-method>

    <http-method>OPTIONS</http-method>

  </web-resource-collection>

  <auth-constraint>

    <description>all</description>

    <role-name>all</role-name>

  </auth-constraint>

  <user-data-constraint>

    <transport-guarantee>NONE</transport-guarantee>

  </user-data-constraint>

</security-constraint>

<security-role>

  <role-name>all</role-name>

</security-role>

...

In addidion, add a security role mapping to your web-j2ee-engine.xml.

...

<security-role-map>

  <role-name>all</role-name>

  <server-role-name>all</server-role-name>

</security-role-map>

...

Labels in this area