Java Web Application BASIC Authentication in Tomcat

Last Updated on

This post demonstrates how to use BASIC Authentication in a web application in Java using Tomcat.


  • Tomcat 8.5.37
  • Open JDK 1.8.0_192

Users and Roles

Update conf/tomcat-users.xml with the following roles and users.

Update web.xml

Then, modify web.xml with the following security-constraint and login-config elements.

Here we wanted to restrict the whole application.


The CONFIDENTIAL value for transport-guarantee element forces the authentication process to be done in SSL.


  • https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html

Karl San Gabriel

Karl San Gabriel

Professional Software Developer