My application expose web applications using Tomcat Embedded.
It is secured using username and password authentication. From my web.xml
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>BMC Application Diagnostics Portal Console</realm-name>
</login-config>
I'm implementing my own Realm and I'm configuring it in my Tomcat instance:
_tomcat.setDefaultRealm(new MyRealm());
Everything worked just fine, until I had to upgrade tomcat's version (to 7.0.30 minimum). After upgrading both tomcat-embed-core.jar and tomcat-embed-jasper.jar I just can't access my web application.
The authentication window pops up, I insert my username and password but it fail to login (seems like username\password incorrect behavior).
I didn't change nothing in my code! If I swap the jars back to 7.0.22 everything works just fine.
BTW, setDefaultRealm() is deprecated, I don't know if it helps.
If someone had this problem before or has an idea how to handle this it would be great.
Thanks
Found the answer here. Since version 7.0.24 Realm should be set to Engine, as follows:
_tomcat.getEngine().setRealm(new MyRealm());