1. Create Login.html
  2. Create FirstServet class
  3. Configure FirstServlet in web.xml
  4. Add security related tags to web.xml
  5. Add role,username & password in tomcat-users.xml
  6. Deploy & Run the application

Create Login.html(for Accessing FirstServlet)

<html>
<head>
<title>LOGIN PAGE</title>
</head>
<body>
	<form action="/WebSecurity/FirstServlet" method="post">

		Enter Text:<input type="text" name="text"> 
                <input 	type="submit">
	</form>
</body>
</html>

Create FirstServet class

package com.java2learn.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FirstServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		PrintWriter out = response.getWriter();

		out.println("<h1>GET:After authentication only we can access the Servlet.</h1>");
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		PrintWriter out = response.getWriter();

		out.println("<h1>POST:After authentication only we can access the Servlet.</h1>");
	}

}

Configure FirstServlet in web.xml

	<servlet>
		<description></description>
		<display-name>FirstServlet</display-name>
		<servlet-name>FirstServlet</servlet-name>
		<servlet-class>com.java2learn.servlet.FirstServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>FirstServlet</servlet-name>
		<url-pattern>/FirstServlet</url-pattern>
	</servlet-mapping>

Add security related tags to web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	id="WebApp_ID" version="2.5">
	<display-name>WebSecurity</display-name>
	
	<servlet>
		<description></description>
		<display-name>FirstServlet</display-name>
		<servlet-name>FirstServlet</servlet-name>
		<servlet-class>com.java2learn.servlet.FirstServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>FirstServlet</servlet-name>
		<url-pattern>/FirstServlet</url-pattern>
	</servlet-mapping>

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>FirstServlet</web-resource-name>
			<description></description>
			<url-pattern>/FirstServlet</url-pattern>
			<http-method>POST</http-method>
			<http-method>GET</http-method>
		</web-resource-collection>

		<auth-constraint>
			<role-name>javaRole</role-name>
		</auth-constraint>
	</security-constraint>

	<login-config>
		<auth-method>BASIC</auth-method>
	</login-config>

	<security-role>
		<role-name>javaRole</role-name>
	</security-role>

</web-app>

Add role,username & password in tomcat-users.xml

path:Tomcat 6.0\conf\tomcat-users.xml

<tomcat-users>
 <role rolename="javarole"/>
 <user username="user1" password="tomcat" roles="javarole"/>
 <user username="user2" password="tomcat" roles="javarole,role1"/>
</tomcat-users>

Final Project Structure

FormBasedProject

Deploy & Run the application

userForm

EnterUserNamePwd

Output

Download Project: WebSecurity