1. Configure roles and users (conf/tomcat-users.xml)
<tomcat-users>
  <role rolename="Admin"/>
  <role rolename="Member"/>
  <user username="Tenny" password="secret" roles="Admin, Member"/>
</tomcat-users>
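2. Configure the roles to use and the authentication method (WEB-INF/web.xml)
<!-- Declare every role that an auth-constraint refers to -->
<security-role>
  <role-name>Admin</role-name>
</security-role>
<security-role>
  <role-name>Member</role-name>
</security-role>
<login-config>
  <!-- Auth type: BASIC, DIGEST, CLIENT-CERT, FORM -->
  <auth-method>BASIC</auth-method>
</login-config>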
3. Configure which roles may access a resource (WEB-INF/web.xml)
<security-constraint>
  <web-resource-collection>
    <web-resource-name>lezhinCollection</web-resource-name>
    <url-pattern>/anywhere</url-pattern>
    <url-pattern>/everywhere</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
    <role-name>Member</role-name>
  </auth-constraint>
</security-constraint>
P.S. Inside servlet code you can also restrict access by role with methods such as isUserInRole("Admin").
For more details, see the Tomcat manual.
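The three steps above can be cross-checked offline before deploying. This Python script is an added example, not part of the original post: it parses a tomcat-users.xml and a web.xml and reports roles used in an auth-constraint that are missing from security-role or held by no user, plus BASIC/FORM login on a constraint without a CONFIDENTIAL transport guarantee. The embedded XML (including the Auditor role) and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input modelled on the steps above; not a real deployment.
TOMCAT_USERS = """<tomcat-users>
  <user username="Tenny" password="secret" roles="Admin, Member"/>
</tomcat-users>"""
WEB_XML = """<web-app>
  <security-role><role-name>Admin</role-name></security-role>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>lezhinCollection</web-resource-name>
      <url-pattern>/anywhere</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
      <role-name>Member</role-name>
      <role-name>Auditor</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def _find(root, name):
    # Match on the local tag name so files with or without an xmlns both work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, name):
    return {(e.text or "").strip() for e in _find(root, name)}

def audit(users_xml, web_xml):
    """Return sorted (code, detail) findings; the codes are this example's own."""
    users, web = ET.fromstring(users_xml), ET.fromstring(web_xml)
    held = {r.strip() for u in _find(users, "user")
            for r in u.get("roles", "").split(",") if r.strip()}
    declared = {t for s in _find(web, "security-role") for t in _texts(s, "role-name")}
    methods = _texts(web, "auth-method")
    findings = set()
    for sc in _find(web, "security-constraint"):
        roles = {t for a in _find(sc, "auth-constraint") for t in _texts(a, "role-name")}
        for role in roles - {"*", "**"}:          # wildcard role names are not checked
            if role not in declared:
                findings.add(("undeclared-role", role))
            if role not in held:
                findings.add(("role-without-user", role))
        secure = "CONFIDENTIAL" in _texts(sc, "transport-guarantee")
        # BASIC and FORM carry the password itself in the request.
        if roles and methods & {"BASIC", "FORM"} and not secure:
            findings.add(("cleartext-credentials", ",".join(sorted(_texts(sc, "url-pattern")))))
    return sorted(findings)
```

Call audit() with the contents of your own two files; an empty list means none of the three conditions was found.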
Enabling authentication in Tomcat