Problem definition:
We have a public-facing Tomcat, and we wish to protect a webapp with a single password on the production-facing Tomcat only. This can be done by adding a new user & role to the production tomcat-users.xml and adding the corresponding <security-constraint> and <login-config> sections to the webapp's WEB-INF/web.xml.
The problem is, because you have to change the actual webapp, it means the developers using Eclipse can't access the site unless they remove the lines and remember to re-apply them before releasing. It is not possible to edit the Eclipse Tomcat's tomcat-users.xml (found in workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf), as it gets overwritten when you stop/start Tomcat.
Question:
Is there any other way of doing authentication only on the server, or alternatively a way of getting the user into Eclipse's Tomcat?
Below is what went into the web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>gamer</role-name>
    </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Invigation only</realm-name>
</login-config>
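The post describes developers removing these lines for local Eclipse work and having to remember to re-apply them before a release. The check below is an added example, not part of the original post: it verifies that a web.xml still carries the constraint shown above, so a build can be failed when it is missing. The function name `check_web_xml` and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal web.xml carrying the constraint from the post.
SAMPLE_PROTECTED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>gamer</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

# Constructed sample: the same descriptor after a developer removed the lines.
SAMPLE_STRIPPED = '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5"/>'


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _texts(parent, name):
    """Stripped text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in parent.iter() if _local(e.tag) == name]


def check_web_xml(xml_text, role="gamer"):
    """Return a list of problems; an empty list means the app is protected."""
    root = ET.fromstring(xml_text)
    problems = []
    covered = False
    for sc in (e for e in root if _local(e.tag) == "security-constraint"):
        whole_app = "/*" in _texts(sc, "url-pattern")
        # http-method / http-method-omission narrow a constraint to some verbs,
        # leaving the remaining verbs unauthenticated.
        all_methods = not (_texts(sc, "http-method")
                           or _texts(sc, "http-method-omission"))
        if whole_app and all_methods and role in _texts(sc, "role-name"):
            covered = True
    if not covered:
        problems.append("no security-constraint on /* requiring role " + role)
    if not _texts(root, "auth-method"):
        problems.append("no login-config auth-method")
    return problems
```

Run it against the WEB-INF/web.xml inside the packaged webapp rather than the workspace copy, so the check reflects what is actually deployed.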