I want to secure my admin pages in tomcat with web.xml and tomcat-users.xml.It doesn't works.
Here is my contents of my tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="webadmin"/>
<user username="kumar" password="kumar" roles="manager"/>
</tomcat-users>
and contents of WEB-INF/web.xml
<resource-env-ref>
<description>abc.com/</description>
<resource-env-ref-name>player</resource-env-ref-name>
<resource-env-ref-type>org.apache.catalina.UserDatabase</resource-env-ref-type>
</resource-env-ref>
<security-constraint>
<display-name>player</display-name>
<web-resource-collection>
<web-resource-name>personal</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>abc.com</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>webadmin</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
</form-login-config>-->
<auth-method>BASIC</auth-method>
<realm-name>player</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>webadmin</role-name>
</security-role>
please let me know what needs to be added in these xmls.