Servlet Basic Authentication Web.xml Configuration

This tutorial shows how to configure Servlet Basic Authentication in web.xml. With basic authentication of a servlet, the web browser presents a standard login dialog that is not customizable. When a user submits a user name and password, the server determines whether they belong to an authorized user and sends the requested web resource if the user is authorized to view it. The user name and password are automatically Base64 encoded, which does not mean they are safe: Base64 is an encoding, not encryption, and can be easily decoded. This is the eleventh post in the Java Servlet Tutorial series, which aims to give you full knowledge of Servlet 3.0.

Table of contents:
1. Configure your credentials
2. Authenticated Servlet
3. Not authenticated Servlet
4. Servlet Basic Authentication Web.XML Configuration
5. Deploy Servlet Basic Authentication Annotation Example

Configure your credentials Username/password
We are using Tomcat 8 for the Servlet Basic Authentication web.xml configuration. We use the tomcat-users.xml file to register a username/password combination with the appropriate role. This file is located at ../apache-tomcat-8.0.33/conf/tomcat-users.xml.

Authenticated Servlet
In this tutorial, the security configuration lives in the web.xml file, so the servlet class itself is easy to write. Here is the Authenticated servlet:

Not authenticated Servlet
We should also create a servlet without security, as a counterpart to the Authenticated Servlet.

Servlet Basic Authentication Web.XML Configuration
First, we register the two servlets in web.xml and add the security configuration, such as:

Let's dig deeper into this XML snippet.
We assume that you already know about servlet registration, so we focus only on the servlet basic authentication configuration. To enable basic authentication for the service, we must add security elements to the application deployment descriptor, web.xml. The security elements that need to be added to the deployment descriptor include the <security-constraint> and <login-config> elements.
Each <security-constraint> element must have one or more <web-resource-collection> elements. These define the area of the web application to which this security constraint is applied.

<web-resource-collection>: A list of URL patterns (the part of a URL after the host name and port you want to constrain) and HTTP operations (the methods within the files that match the URL pattern you want to constrain) that describe a set of resources to be protected.

<auth-constraint>: Specifies whether authentication is to be used and names the roles authorized to perform the constrained requests. For more information about authorization constraints
web-resource-name

<login-config>: Specifies the type of authentication that we are going to use. In our case we will configure BASIC.
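The following web.xml is an added example, not the tutorial's original snippet, showing how the elements described above fit together. The servlet class names, the role name `user` and the realm name are assumptions; the `/auth` and `/notauth` paths come from the request URLs used later on this page. It also adds a `<user-data-constraint>` so that the Base64-encoded credentials are only sent over TLS.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
  <!-- Servlet names and classes are hypothetical -->
  <servlet>
    <servlet-name>AuthServlet</servlet-name>
    <servlet-class>com.example.AuthServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AuthServlet</servlet-name>
    <url-pattern>/auth</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>NotAuthServlet</servlet-name>
    <servlet-class>com.example.NotAuthServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>NotAuthServlet</servlet-name>
    <url-pattern>/notauth</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/auth</url-pattern>
      <!-- No <http-method> listed, so the constraint covers every
           HTTP method; listing only GET or POST would leave the
           remaining methods unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role; must match a role given to the user in
           tomcat-users.xml -->
      <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require HTTPS: Basic credentials are only Base64 encoded -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example realm</realm-name>
  </login-config>
  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
```

With `CONFIDENTIAL` set, Tomcat redirects plain-HTTP requests for `/auth` to the connector's HTTPS redirect port, so an HTTPS connector must be configured for the protected URL to load.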

Deploy Servlet Basic Authentication Annotation Example

Make a request to the servlet protected by basic authentication at the URL: http://localhost:8080/servlet-auth-xml/auth

Enter the credentials, such as username=javabycode and password=P@ssw0rd, and you will get the result.

If you type incorrect credentials, you will get an error like the one in the screenshot.
[Screenshot: Servlet Basic Authentication Web.xml Configuration 401]

Make another request to the servlet without basic authentication at the URL: http://localhost:8080/servlet-auth/notauth

You will get the result such as

That's all on how to do a Servlet Basic Authentication web.xml configuration in Java. You can also find other servlet examples in the Java Servlet Example series. We hope you find it useful.

To download the complete source code, click the link below:

Servlet-Basic-Authentication-Xml-Example.zip

Happy learning!
