
Centrally secure all tomcat webapps using BASIC authentication


I have a Tomcat 6 server containing three webapps: a custom one as ROOT, Jenkins and Nexus.

I would like to secure all three centrally (server.xml?) using BASIC authentication.

How can I achieve this without modifying or configuring the webapps themselves?


Solution

  • First I tried (without success) to include the BasicAuthenticator valve in conf/context.xml. This didn't seem to have any effect.

    Finally I got it to work (secured all webapps) by adding this snippet to conf/web.xml:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Basic Authentication</web-resource-name>
            <!-- The wildcard pattern makes authentication required for the whole app. -->
            <url-pattern>/*</url-pattern>
            <!-- No http-method elements: the constraint then applies to every HTTP
                 method. Listing only GET and POST would leave other methods unconstrained. -->
        </web-resource-collection>
        <auth-constraint>
            <role-name>myrole</role-name>
        </auth-constraint>
    </security-constraint>
    
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    
    <security-role>
        <description>My role</description>
        <role-name>myrole</role-name>
    </security-role>
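
Added example, not part of the answer above: a `security-constraint` that lists `http-method` elements protects only those methods, so a check like the following over conf/web.xml flags constraints that leave other HTTP methods open. The function names and the sample documents are constructed for illustration, and the check for a `CONFIDENTIAL` transport guarantee (BASIC credentials are only base64-encoded on the wire) goes beyond what the answer discusses.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    # Match on local name so a namespaced web.xml (xmlns=...javaee) also works.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]
def _texts(elems):
    return [(e.text or "").strip() for e in elems]

def audit_web_xml(xml_text):
    """Return findings for the security-constraint elements of a web.xml."""
    root = ET.fromstring(xml_text)
    constraints = _kids(root, "security-constraint")
    findings = [] if constraints else ["no security-constraint: nothing is protected"]
    for n, sc in enumerate(constraints, 1):
        for wrc in _kids(sc, "web-resource-collection"):
            methods = _texts(_kids(wrc, "http-method"))
            if methods:  # listed methods are the ONLY ones constrained
                findings.append(f"constraint {n}: only {'/'.join(methods)} "
                                "require auth; other HTTP methods are unconstrained")
            if "/*" not in _texts(_kids(wrc, "url-pattern")):
                findings.append(f"constraint {n}: url-pattern does not cover /*")
        if not _kids(sc, "auth-constraint"):
            findings.append(f"constraint {n}: no auth-constraint, so no role is required")
        tls = [t for u in _kids(sc, "user-data-constraint")
               for t in _texts(_kids(u, "transport-guarantee"))]
        if "CONFIDENTIAL" not in tls:
            findings.append(f"constraint {n}: no CONFIDENTIAL transport-guarantee; "
                            "BASIC credentials may cross plain HTTP")
    return findings

# Constructed sample input (not a real server's file).
_DOC = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
<security-constraint><web-resource-collection>
  <web-resource-name>Basic Authentication</web-resource-name>
  <url-pattern>/*</url-pattern>{methods}
 </web-resource-collection>
 <auth-constraint><role-name>myrole</role-name></auth-constraint>{transport}
</security-constraint>
<login-config><auth-method>BASIC</auth-method></login-config>
<security-role><role-name>myrole</role-name></security-role></web-app>"""
LISTED_METHODS = _DOC.format(transport="",
    methods="<http-method>GET</http-method><http-method>POST</http-method>")
ALL_METHODS = _DOC.format(methods="",
    transport="<user-data-constraint><transport-guarantee>CONFIDENTIAL"
              "</transport-guarantee></user-data-constraint>")

if __name__ == "__main__":
    for name, doc in (("listed methods", LISTED_METHODS), ("all methods", ALL_METHODS)):
        print(name, "->", audit_web_xml(doc) or "no findings")
```

A `CONFIDENTIAL` guarantee only helps when the server also has an HTTPS connector for Tomcat to redirect to.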