要限制訪問Web應用程序(或文件夾在webapp URL)在Tomcat中:
在webapps/MyApp/WEB-INF/web.xml
添加
<security-constraint>
<web-resource-collection>
<web-resource-name>
Entire webapp
</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<!-- pay attention: BASIC in insecure, use it only for test, search for a more secure method -->
<auth-method>BASIC</auth-method>
<realm-name>Text reported when prompting the user for un and pw</realm-name>
</login-config>
和conf/tomcat-users.xml
添加
<role rolename="member"/>
<user username="bubi" password="bubi" roles="member"/>
然後重新加載webapp並可能重新啓動Tomcat。
來源:O'Reilly's Top Ten Tomcat Configuration Tips - 5. Configuring Basic Authentication
關於第二個問題,我不知道如何去實現它。