If you want to secure pages using tomcat only, then that's not an easy thing to do. Point is that Tomcat actually is not a full blown webserver, it is basically just an application server. For security tomcat usually depends on other packages to implement username/password control. There is some very basic username/password control built into tomcat, look at the tomcat-users.xml file (in the conf directory).
Easiest way to implement security is by letting IIS do the access control, when ok link through to tomcat for all application requests. You'll need the jakarta plug-in for iis to get this done. There is ample documentation on this issue available - the webfocus security administration manual is a very good source.
GamP
- Using AS 8.2.01 on Windows 10 - IE11.
in Focus since 1988
November 03, 2009, 05:52 AM
<JG>
To protect http://hostname/ rename $CATALINA_HOME/webapps/ROOT/index.jsp (restart tomcat)
Alternatively edit the Tomcat web.xml file and find the following block and delete the index.jsp entry
To protect http://hostname/ibi_apps/ rename homepage.jsp in the root ibi_apps folder (redeploy ibi_apps) (if you've deployed the app instead of the folder you will need to re-jar it and then redeploy)