Tomcat basic authentication with username and password

To enable basic authentication with tomcat we need to tweak 2 xml file.

  • tomcat-users.xml in TOMCAT_HOME/conf/
  • web.xml in your webapp for which you want to enable basic authentication.

Add following lines of code in tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
  <role rolename="tomcat"/>
  <user username="myname" password="mypassword" roles="tomcat"/>

where myname is username and password is the password for the user. You can change the rolename, username, and password as you wish.

In web.xml of you webapp add following lines of code:

                      Wildcard means whole app requires authentication

		<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->


If you see above config we specified role-name. We can define multiple role names in tomcat-user.xml. Each role name will have a different user name and password.

After you done with changes restart tomcat and access your webapp for testing, it should ask for authentication.


By Sandeep Posted in tomcat

6 comments on “Tomcat basic authentication with username and password

    • thanks for the article. i implemented above mentioned steps . when i give index.jsp url in browser i am getting authentication screen but when i feed the username and password as per tomcat-users.xml. login not successful. since I am using tomcat 8 I used as mentioned by shivkumar.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s