<Realm className="org.apache.catalina.realm.MemoryRealm" />
If you wonder what you’re activating here, please read the Catalina doc:
http://tomcat.apache.org/tomcat-4.0-doc/catalina/docs/api/org/apache/catalina/realm/MemoryRealm.html
Then, you want to add a user and a role for your webapp inside the tomcat-users.xml file, which can be found in the same directory.
<role rolename="myrole"/>
<user username="myuser" password="mypassword" roles="myrole"/>
If you would like to share your users across multiple webapps, you might want to create one role per webapp and add these roles to the corresponding users. Multiple roles are defined by listing them all inside the roles attribute, separated by commas.
The next step is to add the login information to the webapp you want to protect. Open your webapp’s web.xml file. If the webapp was already deployed, keep in mind that a redeploy might invalidate or overwrite the settings you’re about to make. Add the following lines to your web.xml, inside the web-app element.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>mywebapp</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myrole</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>mywebapp</realm-name>
</login-config>
Make sure that the role-name element matches the role you picked in the tomcat-users.xml file. You can also protect only the parts of your application that need it by narrowing the URL pattern; with ‘/*’, the constraint covers the whole web application. The BASIC auth-method simply sends user:password Base64-encoded in the Authorization header of every HTTP request. Base64 is an encoding, not encryption, so anyone who can read the request can recover the password. If you want a more robust solution, read this page for more available auth methods:
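Because BASIC sends a recoverable password with every request, a useful check on a descriptor like the one above is whether each login-protected constraint also forces TLS through the Servlet specification's user-data-constraint element. The following audit script is an added example, not part of the original post; both sample descriptors are constructed, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web.xml fragment from this page wrapped in <web-app>.
PAGE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>mywebapp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>myrole</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>mywebapp</realm-name>
  </login-config>
</web-app>"""

# Constructed sample: the same descriptor with a transport guarantee added.
HARDENED_WEB_XML = PAGE_WEB_XML.replace(
    "</auth-constraint>",
    "</auth-constraint>\n    <user-data-constraint>"
    "<transport-guarantee>CONFIDENTIAL</transport-guarantee>"
    "</user-data-constraint>")

def _strip_ns(root):
    """Drop XML namespaces so real descriptors (which declare one) parse alike."""
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def audit_web_xml(text):
    """Return one finding per login-protected constraint not forced onto TLS."""
    root = _strip_ns(ET.fromstring(text))
    method = (root.findtext("login-config/auth-method") or "").strip().upper()
    if method not in ("BASIC", "FORM"):
        return []  # only BASIC and FORM transmit the password itself
    findings = []
    for sc in root.findall("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # this constraint does not require a login
        tg = sc.findtext("user-data-constraint/transport-guarantee") or ""
        if tg.strip().upper() != "CONFIDENTIAL":
            patterns = [p.text.strip() for p in sc.iter("url-pattern") if p.text]
            findings.append(f"{method} login on {patterns} without CONFIDENTIAL transport-guarantee")
    return findings
```

Running `audit_web_xml` on the page's descriptor reports the `/*` constraint, while the hardened variant returns no findings.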