Basic Authentication Example Using Servlets





In Basic authentication, when you request a protected resource the browser shows a popup window in which you enter a username and password, which are then sent to Tomcat. Tomcat checks that the submitted username and password match a user entry in tomcat-users.xml, and that the role (or roles) assigned to that user in tomcat-users.xml match the role (or roles) allowed to access the web application resource, as specified in your web.xml file. The credentials travel in the Authorization header Base64-encoded, not encrypted, as the servlet in step 3 shows by decoding them.

step 1:

Add the following to tomcat-users.xml:

<tomcat-users>
<!-- Users and roles for Tomcat's file-based user database. The passwords below are
     stored in clear text in this file and are tutorial samples only: pick your own
     strong values and restrict read access to this file. Tomcat realms can also be
     configured to store digested passwords instead of clear text. -->

<!-- NOTE(review): manager-gui is also the role Tomcat's own Manager web application
     checks for its HTML interface. Reusing it here means every user of this demo
     application can also use the Manager application if it is deployed; an
     application-specific role name avoids that overlap. -->
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
<user username="sudheer" password="java" roles="manager-gui"/>
</tomcat-users>

step 2:

Create a dynamic web project and add the following to its web.xml:

Inside web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the demo: maps the Controller servlet and puts the whole
     application behind container-managed HTTP Basic authentication. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>authwebapplication</display-name>
 
  <servlet>
    <description></description>
    <display-name>Controller</display-name>
    <servlet-name>Controller</servlet-name>
    <!-- NOTE(review): this must be the servlet's fully-qualified class name. The servlet
         listing in step 3 declares package com.mypractice, so one of the two has to be
         changed to match the other or the servlet will not load. -->
    <servlet-class>com.vidyayug.Controller</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Controller</servlet-name>
    <url-pattern>/Controller</url-pattern>
  </servlet-mapping>
  <security-constraint>
<web-resource-collection>
<web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
<url-pattern>/*</url-pattern>
<!-- Listing http-method elements limits this constraint to the named methods. Requests
     using any other method (HEAD, PUT, DELETE, ...) are NOT covered by it. Omitting the
     http-method elements altogether applies the constraint to every method. -->
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<!-- Only authenticated users holding this role may access the collection above. -->
<auth-constraint>
<role-name>manager-gui</role-name>
</auth-constraint>

<user-data-constraint>
<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
<!-- With NONE the container accepts plain HTTP, so the Basic credentials (which are only
     Base64-encoded) cross the network readable by anyone on the path. CONFIDENTIAL makes
     the container require an encrypted transport; it needs an HTTPS connector configured
     in Tomcat. -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<!-- Selects HTTP Basic as the authentication mechanism: the browser prompts for
     credentials and resends them in the Authorization header on each request. -->
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
  </web-app>
 
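 Step 3: Create a servlet like the one below. Its package and class name must match the <servlet-class> value in web.xml; the web.xml above names com.vidyayug.Controller while this listing declares package com.mypractice, so change one to match the other.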

package com.mypractice;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.tomcat.util.buf.Base64;

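/**
 * Demo servlet that echoes the request headers and shows the Basic
 * {@code Authorization} value both Base64-encoded and decoded.
 *
 * <p>The point of the demo is that Basic credentials are only encoded, not
 * encrypted. The decoded value contains the user's password, so this output is
 * for a local tutorial only and should not be left enabled on a shared or
 * production server.
 *
 * <p>Request headers are supplied by the client, so every header name and value is
 * HTML-escaped before it is written into the page.
 */
public class Controller extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Writes an HTML page listing all request headers, followed by the encoded
     * and decoded Basic credentials when a Basic {@code Authorization} header is
     * present.
     *
     * @param request  the incoming request whose headers are displayed
     * @param response the response the HTML page is written to
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // Enumeration<?> accepts both the raw and the generic return type of
        // getHeaderNames(), depending on the servlet API version in use.
        Enumeration<?> headerNames = request.getHeaderNames();

        while (headerNames != null && headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            String headerValue = request.getHeader(headerName);
            // Header names and values come from the client: escape them so they
            // are rendered as text and cannot inject markup or script.
            out.print("<br/>Header Name: <em> ---------->" + escapeHtml(headerName));
            out.print("</em>, Header Value: <em>" + escapeHtml(headerValue));
            out.println("</em>");
        }

        out.println("<hr/>");

        // Expected form is "Basic <base64>". The header can be absent or malformed
        // (for example when the servlet is reached without the security constraint),
        // so validate it instead of indexing into the split result blindly.
        String authHeader = request.getHeader("authorization");
        String[] parts = (authHeader == null) ? new String[0] : authHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0])) {
            out.println("No Basic Authorization header was sent with this request.");
            return;
        }

        String encodedValue = parts[1].trim();
        out.println("Base64-encoded Authorization Value: <em>" + escapeHtml(encodedValue));
        // NOTE(review): org.apache.tomcat.util.buf.Base64 is a Tomcat-internal helper,
        // not part of the servlet API; confirm it exists in the Tomcat version used.
        String decodedValue = Base64.base64Decode(encodedValue);
        out.println("</em><br/>Base64-decoded Authorization Value: <em>" + escapeHtml(decodedValue));
        out.println("</em>");
    }

    /** Returns {@code text} with HTML metacharacters replaced by entities; null becomes "". */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

}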
 
 
