<login-config>

This tag defines the authorisation methods for the application, as well as any attributes required for BASIC or FORM-based authentication.

This is a top-level element, and sits inside the <web-app> element.

Subelements

• <auth-method>
• <form-login-config>
• <form-login-page>
• <form-error-page>
• <realm-name>

BASIC Authentication (popup dialog box from browser)

<!-- This application uses BASIC authentication --> 
<login-config> 
    <auth-method>BASIC</auth-method> 
    <realm-name>Editor Login</realm-name> 
</login-config> 

FORM-based Authentication (uses a login page and an error/access-denied page)

<!-- FORM based authentication --> 
<login-config> 
    <auth-method>FORM</auth-method> 
    <form-login-config> 
        <form-login-page>/login.jsp</form-login-page> 
        <form-error-page>/error.jsp</form-error-page> 
    </form-login-config> 
</login-config>

See Also

• web.xml Reference Page - for a full example of a security constraint
• Security Realms - basic description of the elements required to implement authentication
• Metawerx Tomcat Realms Administrator - metawerx tool for JDBC-based authentication