# [KIND OF SOLVED] Tomcat servlet doesn't ask password

## candamil

Hi, guys, I hope you can help me. 

I am implementing a servlet application in tomcat, which should ask for a password when connecting. I think it's properly configured, but it doesn't ask for the damn password. This is what I have:

Tomcat users:

```
<tomcat-users>
  <role rolename="user"/>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <user username="admin" password="********" roles="admin/>
  <user username="manager" password="*********" roles="manager/>
  <user username="user" password="********" roles="user"/>
</tomcat-users>
```

Server.xml (just the end, the rest is default)

```
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <Context path="/"
        docBase="/var/lib/tomcat7/webapps/smartgrid"
        crossContext="true"
        debug="0"
        reloadable="true" >
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>
```

web.xml in my servlet:

```
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app version="2.4">
 <display-name>Smartgrid Webserver</display-name>
 <description>Web frontend for smartgrid system</description>
<servlet>
   <servlet-name>Main</servlet-name>
   <description>Main page</description>
   <servlet-class>Main</servlet-class>
</servlet>
<servlet-mapping>
   <servlet-name>Main</servlet-name>
   <url-pattern> /</url-pattern>
</servlet-mapping>
<!-- Define a security constraint on this application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- This role is not in the default user directory -->
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
  <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Manager Application</realm-name>
  </login-config>
  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      The role that is required to log in to the Manager Application
    </description>
    <role-name>user</role-name>
  </security-role>
</web-app>
```

I have seen a couple of HOW-TOs, but I have already done what every one of them says, so I don't know what the problem can be. Any ideas?

Thanks.

Last edited by candamil on Thu May 17, 2012 6:25 am; edited 1 time in total

----------

## ShadowCat8

Greetings,

The one thing I see missing from what I know of Tomcat and how it works (that being versions 4.x.x through 6.x.x) is Realm.

Where are you defining the Security Realm parameters in server.xml?

HTH.  Let us know.

----------

## candamil

Hi, thanks for your answer. These are the Realm parameters in my server.xml file:

```
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
```

It's the default. I tried to change the path of the applet from / to /dir and now it asks for a password, but I would like it to ask for it at /. Not only that, but it also doesn't recognize any user. It doesn't work for the manager application either. It asks for a password, but it doesn't recognize any of my users.

----------

## candamil

Finally I was able to get it working by rewriting the files from scratch (maybe some problems with charset or something like that, I don't know).

Anyway, it asks for the password and identifies correctly when the path for the servlet is /anything:

```
        <Context path="/anything"
        privileged="true"
        docBase="/var/lib/tomcat7/webapps/myservlet"
        crossContext="true"
        debug="0"
        reloadable="true" >
        </Context>
```

but it doesn't work if I change that /anything and use "/". This is the web.xml file at this moment:

```
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE web-app
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app version="2.4">
        <display-name>Smartgrid Webserver</display-name>
        <description>Web frontend for smartgrid system</description>
        <servlet>
                <servlet-name>Main</servlet-name>
                <description>Main page</description>
                <servlet-class>Main</servlet-class>
        </servlet>
        <servlet-mapping>
                <servlet-name>Main</servlet-name>
                <url-pattern>/</url-pattern>
        </servlet-mapping>
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Entire Application</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>user</role-name>
                </auth-constraint>
        </security-constraint>
        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>Tomcat Host Manager Application</realm-name>
        </login-config>
        <security-role>
                <description>
                        The role that is required to log in to the Application
                </description>
                <role-name>user</role-name>
        </security-role>
</web-app>
```

Any ideas about the reason for that problem?

Thank you.

----------
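
A pre-deployment check for the three files discussed in this thread, added here as an example and not part of any post: it confirms that tomcat-users.xml parses (the copy posted in the first message has unterminated `roles` attributes), that every role named in web.xml's `<auth-constraint>` is granted to some user, and that the `<Context>` path is not `"/"`, since Tomcat documents the empty string as the path of a host's default web application. The `lint` function and the sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the thread's files; passwords are placeholders.
USERS_AS_POSTED = """<tomcat-users>
  <role rolename="user"/>
  <user username="admin" password="x" roles="admin/>
  <user username="user" password="x" roles="user"/>
</tomcat-users>"""
USERS_FIXED = USERS_AS_POSTED.replace('roles="admin/>', 'roles="admin"/>')
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
CONTEXT_AS_POSTED = '<Context path="/" docBase="/var/lib/tomcat7/webapps/smartgrid"/>'


def lint(users_xml, web_xml, context_xml):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    granted = set()
    try:
        for user in ET.fromstring(users_xml).iter("user"):
            roles = user.get("roles", "")
            granted.update(r.strip() for r in roles.split(",") if r.strip())
    except ET.ParseError as exc:
        # A users file that does not parse cannot supply any account to the realm.
        findings.append(f"tomcat-users.xml is not well-formed: {exc}")
        granted = None
    if granted is not None:
        for node in ET.fromstring(web_xml).iterfind(".//auth-constraint/role-name"):
            role = (node.text or "").strip()
            if role != "*" and role not in granted:
                findings.append(f"web.xml requires role '{role}' but no user has it")
    # Tomcat documents the empty string, not "/", as the default web application's path.
    if ET.fromstring(context_xml).get("path") == "/":
        findings.append('Context path "/" should be "" for the default web application')
    return findings


if __name__ == "__main__":
    for finding in lint(USERS_AS_POSTED, WEB_XML, CONTEXT_AS_POSTED):
        print(finding)
```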

## ShadowCat8

Well,

As I'm to understand, the "/" of the Context paths basically points at ${CATALINA_HOME}/webapps/ROOT, which is the base that *all* of the configured web applications are supposed to sit over (and/or under) in the presentation of the server to the network.  So, to visualize this a bit better, say you have the following directories under ${CATALINA_HOME}/webapps/:

```
 ~ # ls -l /opt/tomcat-6/webapps/
total 32
drwxr-xr-x  4 tomcat tomcat 4096 Jul 24  2009 ROOT
drwxr-xr-x  5 tomcat tomcat 4096 Jul 24  2009 balancer
drwxrwxr-x 11 tomcat tomcat 4096 May  8 17:41 main
drwxr-xr-x 21 tomcat tomcat 4096 Jul 24  2009 jsp-examples
drwxr-xr-x  4 tomcat tomcat 4096 Jul 24  2009 servlets-examples
drwxr-xr-x 12 tomcat tomcat 4096 Jul 24  2009 tomcat-docs
drwxr-xr-x  3 tomcat tomcat 4096 Jul 24  2009 webdav
```

And, as I said above, the "ROOT" directory above is what is shown/displayed/done when someone connects with "http://<host>:<port>/", but all the others there are connected to by using "http://<host>:<port>/<app>".  So, if you were to use the one security constraint to authorize every connect from "/*", then anyone connecting should have access to *all* webapps, to include the manager app.  Now, I am pretty sure that I understand what you are aiming at:  You want your users to be able to just use "http://<host>:<port>/" to connect with your Main webapp.  There are tricks that you can do in the ROOT webapp to redirect the connect to your Main app, such as creating a landing page under ROOT or configure a redirect of the docPath.  (NOTE: I'm not sure if the latter is still available in Tomcat 7, but you used to be able to redirect a connect to "/" to a specific webapp.  Haven't had to use that in quite a while.)

HTH.  Let us know.

----------

## candamil

Yes, that's exactly what I am trying to do, just keeping it easy for users, and as there will only be one webapp, it's not a problem if the users log in at /. Anyway, if I am not able to get the authentication at / (at this moment, if I change / to any other URL, it works, but when I change it again to /, it doesn't ask for the password) I will try to do a redirect. I'll post whatever I get.

----------

## ShadowCat8

Yeah, 

Keep in mind that while *you* have only one webapp running on the Tomcat server, it is not the only webapp running on it. The "manager" webapp is a default that comes with a Tomcat installation. And, depending on what type of Tomcat installation, you may have a couple other webapps running on the server. That is why they are always making sure that you have your webapp wrapped up correctly.

And, consider that you may want to deploy a more restricted webapp on the same server in the future like, perhaps, a Control Panel for a Home Media Distribution system? (That comes to mind as a friend of mine did exactly that...) Just like you don't want certain guests to touch the remote, you certainly don't want them changing something being streamed into your living room while you are watching it. ;) hehe

HTH... Or at least was somewhat entertaining. :) Let us know.

----------

## candamil

Since there will also be an Apache server running on the server, and at this moment it won't be used, I think I will set up a redirect page, so when a user reaches the domain on port 80, it redirects them to the Tomcat servlet address. It's the easiest way.

----------

