The solution you are after is very simple to implement with Tomcat. There are a couple of simple steps that you need to perform, they are detailed below:
1) In your web.xml file for you webapp add lines like the following
<realm-name>Test Secure Area</realm-name>
The url-pattern lines indicate the urls to secure, for example the above will secure ALL files in the admin directory of my webapp (note: you can secure individual files as well)
2. Add you web app context to your server.xml file using a line line <Context path="/security" docBase="d:/jakarta-tomcat-4.0-b3/webapps/securityTest" debug="0" reloadable="true" crosscontext="true" trusted="true" />
3. Now add the usernames/passwords/roles to the tomcat-users.xml file. For example <user name="testuser" password="password" roles="admin" /> will create user called test user with the password, password, and assign them to a role of admin. In the above example they will be able to gain access to the admin directory of your web app. Roles can be comma seperated if a user is of 2 or more roles.
You can also store the users in a JDBC database, but this is a bit more involved. Post again if you want to know how to do this!
Hope this helps
Originally posted by Kevin Wright:
Is there any way that I can add a password functionality to tomcat. For example, I want to create a set of pages that are password-protected. I don't want just a main page to log in to, (but that is my current only option) but I want to be able to send people links to certain pages, and the password authentication pop up when they link to that page...I hope that is clear...
Will you instruct this Jedi-apprentice and peek at this please? http://www.javaranch.com/ubb/Forum11/HTML/001224.html