步骤一,tomcat的conf目录下tomcat-users.xml内容如下:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="xiaolu" password="xiaolu" roles="admin,manager"/>
</tomcat-users>
步骤二,在web.xml中增加如下内容:
<security-constraint>
<web-resource-collection>
<web-resource-name>xiaolu</web-resource-name>
<url-pattern>/xiaolu/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>input authentication message</realm-name>
</login-config>
这样配置完成后,当我们访问.../xiaolu中的任何内容都会要求输入密码认证信息,认证时输入tomcat-users.xml配置的admin权限的用户名和密码即可访问(这里就只有xiaolu用户名可以访问)