Setting up authentication for secure server access
To define the authentication mechanism and constraints, update the security configuration in the web.xml file inside the web archive on the Corticon Server. In a default installation, that file is located at [CORTICON_SERVER_WORK_DIR]\pas\server\webapps\axis\WEB-INF\web.xml.
The web.xml file contains a commented-out block that defines common security constraints. Uncommenting this block enables basic authentication when you restart the server.
Note: If you already uncommented this section to enable HTTPS, review the web-resource-collection that is defined, then add the auth-constraint block and uncomment the login-config and security-role sections.
With the above configuration, every time a user tries to access the server through a URL, a valid username/password must be supplied and verified. You need to decide whether to restrict defined user roles to specified URLs – the endpoints that perform specific actions. That is described in the next topic.
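The following check is an added example, not part of the Corticon documentation or product. It parses a web.xml and reports whether the pieces named above (auth-constraint, login-config, security-role) are actually active, which catches the case in the Note where the block was uncommented for HTTPS only. The sample descriptors, the role name example-role and the URL pattern are constructed placeholders.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    # Match on local name so any Java EE / Jakarta EE namespace is accepted.
    return [c for c in elem if isinstance(c.tag, str) and c.tag.rsplit("}", 1)[-1] == name]

def _role_names(elems):
    return {r.text.strip() for e in elems for r in _kids(e, "role-name") if r.text and r.text.strip()}

def audit_web_xml(xml_text):
    """Return findings; an empty list means BASIC auth is fully wired up."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings, used = [], set()
    constraints = _kids(root, "security-constraint")
    if not constraints:
        findings.append("no active security-constraint (block still commented out?)")
    for n, sc in enumerate(constraints, 1):
        auth = _kids(sc, "auth-constraint")
        if not auth:
            findings.append(f"security-constraint #{n}: no auth-constraint, URLs are unauthenticated")
        elif not _role_names(auth):
            findings.append(f"security-constraint #{n}: empty auth-constraint denies all access")
        used |= _role_names(auth)
    methods = [m.text.strip().upper() for lc in _kids(root, "login-config")
               for m in _kids(lc, "auth-method") if m.text]
    if "BASIC" not in methods:
        findings.append("login-config with auth-method BASIC is missing")
    declared = _role_names(_kids(root, "security-role"))
    for role in sorted(used - declared - {"*", "**"}):
        findings.append(f"role '{role}' is not declared in a security-role")
    return findings

# Constructed samples; the role name and URL pattern are placeholders.
HTTPS_ONLY = """<web-app>
  <security-constraint>
    <web-resource-collection><web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <!-- <login-config><auth-method>BASIC</auth-method></login-config>
       <security-role><role-name>example-role</role-name></security-role> -->
</web-app>"""

COMPLETE = HTTPS_ONLY.replace("<!--", "").replace("-->", "").replace(
    "<user-data-constraint>",
    "<auth-constraint><role-name>example-role</role-name></auth-constraint><user-data-constraint>")

if __name__ == "__main__":
    for name, doc in (("HTTPS_ONLY", HTTPS_ONLY), ("COMPLETE", COMPLETE)):
        print(name, audit_web_xml(doc) or "OK")
```

Run it against a copy of the deployed web.xml after editing and before restarting the server; an empty result means the constraint, login method and role declaration are all in place.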
The default user definitions used by a PAS server are defined in the tomcat-users.xml file (in a default installation its location is [CORTICON_SERVER_WORK_DIR]\pas\server\conf\tomcat-users.xml) as follows: