Chapter 15. Authenticating Clients


Because of the increase in digital commerce and a corresponding rise in the need to transfer and store sensitive data (such as credit card numbers and financial accounts), security is of paramount importance to Java web applications.

This chapter’s recipes cover tasks that involve authentication, which is designed to answer the question “are you who you say you are?” Authentication usually involves an interaction between a client or user and server-side code for the purpose of checking a username and password (and sometimes a digital certificate, biometric data, or other evidence) against stored information, such as a user database.

The recipes describe how to set up Secure Sockets Layer (SSL; current Tomcat releases implement its successor, TLS, but the configuration steps are the same), as well as how to use BASIC- and form-based authentication with Apache Tomcat. The later recipes describe how to use a powerful security framework called Java Authentication and Authorization Service (JAAS) with servlets and JSPs.

15.1. Creating Users and Passwords with Tomcat


You want to create usernames and passwords for authenticating requests for certain web components.


Add the usernames, passwords, and roles to the tomcat-users.xml file.


A very easy method of authenticating users with Tomcat is to define usernames, passwords, and roles in the tomcat-users.xml file. This file is stored in <Tomcat-installation-directory>/conf and is read by the realm configured in conf/server.xml (the UserDatabaseRealm in current releases). Tomcat loads the file at startup, so edits take effect only after a restart. Be aware that the passwords in this file are stored in cleartext unless the realm is configured to use digested credentials, so restrict the file's permissions to the account Tomcat runs as, and treat this realm as suitable for development and small deployments rather than as a production user store.
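The following tomcat-users.xml is an added example and not a file from the book or the Tomcat distribution; the usernames, passwords and role names in it are constructed for illustration. It shows the two element types the recipe relies on: each role is declared once, and each user lists the roles it holds.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- conf/tomcat-users.xml (example file, not from the original page).
     Read by the realm configured in conf/server.xml; changes require a restart.
     The usernames, passwords and roles below are constructed for this example. -->
<tomcat-users>

  <!-- Declare every role before assigning it to a user.
       Role names are case-sensitive and must match the <role-name>
       values referenced from a web application's web.xml exactly. -->
  <role rolename="dbadmin"/>
  <role rolename="report-viewer"/>

  <!-- A user may hold several roles; separate them with commas.
       Passwords here are cleartext, so keep this file readable only by
       the account Tomcat runs as (e.g. chmod 600 on Unix). -->
  <user username="bwp"     password="bwp-s3cret-2024"   roles="dbadmin,report-viewer"/>
  <user username="auditor" password="aud1t-0nly-pw"     roles="report-viewer"/>

</tomcat-users>
```

If cleartext storage is unacceptable, Tomcat 8.5 and later let you attach a MessageDigestCredentialHandler to the UserDatabaseRealm in server.xml and store the output of bin/digest.sh (or digest.bat) in the password attribute instead; the user and role elements above stay the same.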

Everyone is familiar with usernames and passwords, but what are roles? Roles are logical ways ...
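To show what a role actually does once it exists in tomcat-users.xml, here is an added web.xml fragment (example code, not from the book) that restricts one URL space of a web application to users holding the dbadmin role. The role name, URL pattern and realm name are assumed for the example; the element names are standard servlet deployment descriptor elements.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml fragment (example only, not from the original page).
     Protects /admin/* so that only authenticated users holding the "dbadmin"
     role declared in conf/tomcat-users.xml can reach it. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>

    <!-- Only users in this role get through. Omitting <auth-constraint>
         entirely would leave the URLs open to everyone, while an empty
         <auth-constraint/> denies access to everyone. -->
    <auth-constraint>
      <role-name>dbadmin</role-name>
    </auth-constraint>

    <!-- CONFIDENTIAL makes Tomcat redirect plain-HTTP requests to the HTTPS
         connector, so the BASIC credentials below never travel in the clear. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Challenge the browser for a username and password (HTTP BASIC). -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Admin area</realm-name>
  </login-config>

  <!-- Declare the role the application refers to; the name must match
       the rolename in tomcat-users.xml exactly (it is case-sensitive). -->
  <security-role>
    <role-name>dbadmin</role-name>
  </security-role>

</web-app>
```

With the users from the earlier tomcat-users.xml example, a request for /admin/ succeeds for bwp and is rejected with 403 for auditor after a successful login, because only bwp holds dbadmin.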
