Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to password-protect ALL of Tomcat?

 
pat larser
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I recently deployed Tomcat with a webapp (Zilverline). I had no problems creating a password protection on the webapp directory (http://localhost:8080/zilverline). But I am unconfortable keeping port 8080 open without password protection. Right now if I just go to http://localhost:8080, it's a blank page because I removed all other webapps for security. But can I password protect just everything?

Thank you.
 
Tom Reilly
Rancher
Posts: 618
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can't answer your specific question but recommend that you consider using SSL. You see that as https in the browser. The default port for using SSL is 443. Even if you password protect all the applications, the passwords are sent in the clear when you don't use SSL. That is, the passwords are sent as regular text so anyone with a network sniffer can see them.
 
Stefan Evans
Bartender
Posts: 1780
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can only password protect each seperate web application in its own web.xml file.

So you need to configure a web application that, and has the same configuration settings which disallow access.
Essentially that is a standard web application with its context path set to empty string.

docs link

 
pat larser
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you to both of you!
I was able to VERY EASILY implement SSL using the 2-step process found on Tomcat's site
I also created an empty ROOT webapp that was password protected as well so that *hopefully* nothing should be openly accessible.

Thanks again!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic