Adding/ Removing Browser Authentication for tomcat app

There can be many cases in your projects where you would like to add a browser authentication for your project. But there will be a few where you will actually need to remove that. That’s what happen to me today. Checked out code for a project and tried to run on local tomcat instance, everything worked fine. When tried to open up the app like localhost:8080/myapp, browser asked for username and password. I had no idea about username and password.

So started by googling about removing browser authentication in tomcat, that was a mistake. Could not find a single site talking about removal of authentication. After spending 20 minutes, I got the idea to actually look for- how to set the browser authentication. And bam- that worked.

In your apps web.xml, there will be setting for <security-constraint> where you can set up the <login-config> as basic (or actually remove in my case).

<!–
Define the Members-only area, by defining
a “Security Constraint” on this Application, and
mapping it to the subdirectory (URL) that we want
to restrict.
–>
<security-constraint>
<web-resource-collection>
<web-resource-name>
Entire Application
</web-resource-name>
<url-pattern>/members/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
<!– Define the Login Configuration for this Application –>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My Club Members-only Area</realm-name>
</login-config>

Source point 5 of  http://oreilly.com/java/archive/tomcat-tips.html