• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
Bartenders:
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

How to password-protect ALL of Tomcat?  RSS feed

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I recently deployed Tomcat with a webapp (Zilverline). I had no problems creating a password protection on the webapp directory (http://localhost:8080/zilverline). But I am unconfortable keeping port 8080 open without password protection. Right now if I just go to http://localhost:8080, it's a blank page because I removed all other webapps for security. But can I password protect just everything?

Thank you.
 
Rancher
Posts: 618
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can't answer your specific question but recommend that you consider using SSL. You see that as https in the browser. The default port for using SSL is 443. Even if you password protect all the applications, the passwords are sent in the clear when you don't use SSL. That is, the passwords are sent as regular text so anyone with a network sniffer can see them.
 
Bartender
Posts: 1845
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can only password protect each seperate web application in its own web.xml file.

So you need to configure a web application that, and has the same configuration settings which disallow access.
Essentially that is a standard web application with its context path set to empty string.

docs link

 
pat larser
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you to both of you!
I was able to VERY EASILY implement SSL using the 2-step process found on Tomcat's site
I also created an empty ROOT webapp that was password protected as well so that *hopefully* nothing should be openly accessible.

Thanks again!
 
Curse your sudden but inevitable betrayal! And this tiny ad too!
ScroogeXHTML - small and flexible RTF to HTML converter library
https://coderanch.com/t/710903/ScroogeXHTML-RTF-HTML-XHTML-converter
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!