Win a copy of Penetration Testing Basics this week in the Security forum!
    Bookmark Topic Watch Topic
  • New Topic

BASIC Authentication using memory realm with apache-tomcat5.5 & servlet is not working

pramod pawar
Posts: 3
  • Mark post as helpful
  • send pies
  • Report post to moderator
I am not able to run BASIC authentication with tomcat and Servlet , apps runing like there is no authentication.
i tried every possible way and searched most of links.

Can you guys help me about what am i missing/wrong in my stimulation ?

What i done so far:
1.update server.xml with memory realm.
2.update tomcat-user.xml for username,password & role.
3.add necessary tag in web,xml
4.also tried FORM authentication too but didn't work.

1.Changes in server.xml

<!-- Comment out the old realm but leave here for now in case we
need to go back quickly -->

<Realm className="org.apache.catalina.realm.MemoryRealm" />

<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via JDBC -->

2.changes in tomcat-user.xml

<?xml version='1.0' encoding='utf-8'?>
<role rolename="member"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="pramod" password="pramod" roles="member"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>


<?xml version="1.0" encoding="UTF-8"?>
<!-- ==================================================================== -->
<!-- -->
<!-- CONFIDENTIAL - Copyright (c) 2005-2006, Webaroo Inc. -->
<!-- All Rights Reserved as an unpublished work. -->
<!-- -->
<!-- ==================================================================== -->
<web-app xmlns="" xmlns:xsi="" xsi:schemaLocation="" version="2.4">



<web-resource-name> RSCPramodPawar </web-resource-name>






The role that is required to log in to the Manager Application


4.Code of Servlet : com/projects/controller/

package com.projects.controller;

import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
public class FirstServlet extends HttpServlet
public void doGet (HttpServletRequest request,HttpServletResponse response)throws ServletException, IOException
String colorChoice = request.getParameter("color");
PrintWriter out = response.getWriter();
out.println("This is doGet method of FirstServlet and choice "+colorChoice);

public void doPost (HttpServletRequest request,HttpServletResponse response)throws ServletException, IOException
PrintWriter out = response.getWriter();
out.println("This is doPost method of FirstServlet");
Bear Bibeault
Author and ninkuma
Posts: 65272
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Report post to moderator
Please do not cross-post the same question in multiple forums. It wastes people's time when multiple redundant conversations take place. Please click this link ⇒ CarefullyChooseOneForum ⇐ for more information.
    Bookmark Topic Watch Topic
  • New Topic