{"id":3572,"date":"2024-03-13T07:08:36","date_gmt":"2024-03-13T07:08:36","guid":{"rendered":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/"},"modified":"2025-07-30T18:13:33","modified_gmt":"2025-07-30T18:13:33","slug":"how-can-access-control-be-implemented-in-tomcat","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/","title":{"rendered":"Tomcat Access Control: Configuration Guide"},"content":{"rendered":"<p>In Tomcat, access control can be implemented by configuring the web.xml file and using the &lt;security-constraint&gt; and &lt;login-config&gt; elements provided by Tomcat.<\/p>\n<ol>\n<li>Define a security constraint in the web application's web.xml file with the &lt;security-constraint&gt; element:<\/li>\n<\/ol>\n<pre class=\"post-pre\"><code><span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">security-constraint<\/span>&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">web-resource-collection<\/span>&gt;<\/span>\r\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">web-resource-name<\/span>&gt;<\/span>Protected Area<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">web-resource-name<\/span>&gt;<\/span>\r\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">url-pattern<\/span>&gt;<\/span>\/protected\/*<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">url-pattern<\/span>&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">web-resource-collection<\/span>&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">auth-constraint<\/span>&gt;<\/span>\r\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">role-name<\/span>&gt;<\/span>admin<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">role-name<\/span>&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">auth-constraint<\/span>&gt;<\/span>\r\n<span 
class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">security-constraint<\/span>&gt;<\/span>\r\n<\/code><\/pre>\n<ol start=\"2\">\n<li>Configure the login method in the same web.xml file with the &lt;login-config&gt; element:<\/li>\n<\/ol>\n<pre class=\"post-pre\"><code><span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">login-config<\/span>&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">auth-method<\/span>&gt;<\/span>BASIC<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">auth-method<\/span>&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">realm-name<\/span>&gt;<\/span>Protected Area<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">realm-name<\/span>&gt;<\/span>\r\n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">login-config<\/span>&gt;<\/span>\r\n<\/code><\/pre>\n<ol start=\"3\">\n<li>Define the users and roles in Tomcat's user file, tomcat-users.xml:<\/li>\n<\/ol>\n<pre class=\"post-pre\"><code><span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">tomcat-users<\/span>&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">role<\/span> <span class=\"hljs-attr\">rolename<\/span>=<span class=\"hljs-string\">\"admin\"<\/span>\/&gt;<\/span>\r\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">user<\/span> <span class=\"hljs-attr\">username<\/span>=<span class=\"hljs-string\">\"admin\"<\/span> <span class=\"hljs-attr\">password<\/span>=<span class=\"hljs-string\">\"admin\"<\/span> <span class=\"hljs-attr\">roles<\/span>=<span class=\"hljs-string\">\"admin\"<\/span>\/&gt;<\/span>\r\n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">tomcat-users<\/span>&gt;<\/span>\r\n<\/code><\/pre>\n<p>Once these steps are in place, any request to a path matching \/protected\/* prompts for a username and password, and only users with the admin role are granted access.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In Tomcat, access control can be implemented by configuring the 
web.xml file and using the &lt;security-constraint&gt; and &lt;login-config&gt; elements provided by Tomcat. Define a security constraint in the web application's web.xml file with the &lt;security-constraint&gt; element: &lt;security-constraint&gt; &lt;web-resource-collection&gt; &lt;web-resource-name&gt;Protected Area&lt;\/web-resource-name&gt; &lt;url-pattern&gt;\/protected\/*&lt;\/url-pattern&gt; &lt;\/web-resource-collection&gt; &lt;auth-constraint&gt; &lt;role-name&gt;admin&lt;\/role-name&gt; &lt;\/auth-constraint&gt; &lt;\/security-constraint&gt; Configure the login method in the same web.xml file with the &lt;login-config&gt; element: &lt;login-config&gt; &lt;auth-method&gt;BASIC&lt;\/auth-method&gt; [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[1],"tags":[2080,2079,2077,2078,2076],"class_list":["post-3572","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-java-security","tag-server-security","tag-tomcat-access-control","tag-tomcat-authentication","tag-web-xml-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Tomcat Access Control: Configuration Guide - Blog - Silicon Cloud<\/title>\n<meta name=\"description\" content=\"Learn to implement Tomcat access control using web.xml with security constraints, auth-constraint, and role configuration.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tomcat Access Control: 
Configuration Guide\" \/>\n<meta property=\"og:description\" content=\"Learn to implement Tomcat access control using web.xml with security constraints, auth-constraint, and role configuration.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-13T07:08:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-30T18:13:33+00:00\" \/>\n<meta name=\"author\" content=\"Liam\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:site\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/\"},\"author\":{\"name\":\"Liam\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/23786905eb7b377f45ddb01c17da7671\"},\"headline\":\"Tomcat Access Control: Configuration Guide\",\"datePublished\":\"2024-03-13T07:08:36+00:00\",\"dateModified\":\"2025-07-30T18:13:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/\"},\"wordCount\":90,\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"keywords\":[\"Java security\",\"server security\",\"Tomcat access control\",\"Tomcat authentication\",\"web.xml security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/\",\"name\":\"Tomcat Access Control: Configuration Guide - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\"},\"datePublished\":\"2024-03-13T07:08:36+00:00\",\"dateModified\":\"2025-07-30T18:13:33+00:00\",\"description\":\"Learn to implement Tomcat access control using web.xml with security constraints, auth-constraint, and role 
configuration.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.silicloud.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tomcat Access Control: Configuration Guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"name\":\"Silicon Cloud Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\",\"name\":\"Silicon Cloud Blog\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"contentUrl\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"width\":1024,\"height\":1024,\"caption\":\"Silicon Cloud 
Blog\"},\"image\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\",\"https:\/\/twitter.com\/SiliCloudGlobal\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/23786905eb7b377f45ddb01c17da7671\",\"name\":\"Liam\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8d37ed3e7f770dde8bf069ba0b4298688028c3abaacf1131742fc1352d174ebd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8d37ed3e7f770dde8bf069ba0b4298688028c3abaacf1131742fc1352d174ebd?s=96&d=mm&r=g\",\"caption\":\"Liam\"},\"sameAs\":[\"http:\/\/Wilson\"],\"url\":\"https:\/\/www.silicloud.com\/blog\/author\/liamwilson\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Tomcat Access Control: Configuration Guide - Blog - Silicon Cloud","description":"Learn to implement Tomcat access control using web.xml with security constraints, auth-constraint, and role configuration.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/","og_locale":"en_US","og_type":"article","og_title":"Tomcat Access Control: Configuration Guide","og_description":"Learn to implement Tomcat access control using web.xml with security constraints, auth-constraint, and role configuration.","og_url":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/","og_site_name":"Blog - Silicon 
Cloud","article_publisher":"https:\/\/www.facebook.com\/SiliCloudGlobal\/","article_published_time":"2024-03-13T07:08:36+00:00","article_modified_time":"2025-07-30T18:13:33+00:00","author":"Liam","twitter_card":"summary_large_image","twitter_creator":"@SiliCloudGlobal","twitter_site":"@SiliCloudGlobal","twitter_misc":{"Written by":"Liam","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/#article","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/"},"author":{"name":"Liam","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/23786905eb7b377f45ddb01c17da7671"},"headline":"Tomcat Access Control: Configuration Guide","datePublished":"2024-03-13T07:08:36+00:00","dateModified":"2025-07-30T18:13:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/"},"wordCount":90,"publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"keywords":["Java security","server security","Tomcat access control","Tomcat authentication","web.xml security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/","url":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/","name":"Tomcat Access Control: Configuration Guide - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/#website"},"datePublished":"2024-03-13T07:08:36+00:00","dateModified":"2025-07-30T18:13:33+00:00","description":"Learn to implement Tomcat access control using web.xml with security constraints, auth-constraint, and role 
configuration.","breadcrumb":{"@id":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/blog\/how-can-access-control-be-implemented-in-tomcat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.silicloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Tomcat Access Control: Configuration Guide"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/blog\/#website","url":"https:\/\/www.silicloud.com\/blog\/","name":"Silicon Cloud Blog","description":"","publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.silicloud.com\/blog\/#organization","name":"Silicon Cloud Blog","url":"https:\/\/www.silicloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","contentUrl":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","width":1024,"height":1024,"caption":"Silicon Cloud 
Blog"},"image":{"@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SiliCloudGlobal\/","https:\/\/twitter.com\/SiliCloudGlobal"]},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/23786905eb7b377f45ddb01c17da7671","name":"Liam","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8d37ed3e7f770dde8bf069ba0b4298688028c3abaacf1131742fc1352d174ebd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8d37ed3e7f770dde8bf069ba0b4298688028c3abaacf1131742fc1352d174ebd?s=96&d=mm&r=g","caption":"Liam"},"sameAs":["http:\/\/Wilson"],"url":"https:\/\/www.silicloud.com\/blog\/author\/liamwilson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/3572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/comments?post=3572"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/3572\/revisions"}],"predecessor-version":[{"id":148226,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/3572\/revisions\/148226"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/media?parent=3572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/categories?post=3572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/tags?post=3572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}