Search code examples
javajsptomcatsecurity-constraint

JSP Tomcat security-constraint always fails

I have the following in my web.xml

<security-constraint>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>rolename</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>rolename</role-name>
</security-role>

And also have the following in my tomcat-users.xml file:

<role rolename="rolename"/>
<user username="username" password="password" roles="rolename"/>

The Authentication Required dialogue box appears when I try to navigate to my localhost site, but even though I enter the correct credentials, the dialogue box just refreshes itself and nothing happens.

Any reason why this isn't working? Doesn't seem as basic as the auth-method suggests.

Solution

  • The setting looks correct, when you use Netbeans when adding the server you configure the existing user and password in the manager or manager-script role, for example if you have:

    enter image description here

    If you using Tomcat server that who comes embedded with Netbeans there is a cache place for Tomcat files, eg:

    C:\Users\user\AppData\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf

    enter image description here

    In case you using Eclipse IDE the cache files tomcat stay in folder:

    C:\projects\workspace\Servers\Tomcat v8.5 Server at localhost-config

    enter image description here