For example, to control access to the files under the ROOT directory, first edit $TOMCAT_HOME/ROOT/WEB-INF/web.xml.
1. Add the following between <web-app> and </web-app>:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- NOTE: This role is not present in the default users file -->
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TEST ACCESS CONTROL</realm-name>
</login-config>
2. Then add the following to $TOMCAT_HOME/conf/tomcat-users.xml:
<user name="user" password="password" roles="user"/>
The role names in roles must correspond to the <role-name> entries in web.xml.
Tested successfully on Tomcat 4.03.
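
An added example (not part of the original page or of Tomcat): a small Python check that cross-references the two files above, confirming that every role in <auth-constraint> is held by some user and flagging BASIC auth configured without a CONFIDENTIAL transport-guarantee or with the sample password left in place. The function names and the embedded XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the two snippets above (not read from a real install).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TEST ACCESS CONTROL</realm-name>
  </login-config>
</web-app>"""
USERS_XML = """<tomcat-users>
  <user name="user" password="password" roles="user"/>
</tomcat-users>"""


def elems(root, name):
    """All elements with this local name; namespaces on newer files are ignored."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit(web_xml, users_xml):
    """Return findings for one web.xml / tomcat-users.xml pair (hypothetical helper)."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    defined = set()
    for u in elems(users, "user"):
        defined.update(r.strip() for r in u.get("roles", "").split(",") if r.strip())
    findings = []
    # Every role named in an <auth-constraint> needs at least one user that holds it.
    for ac in elems(web, "auth-constraint"):
        for r in elems(ac, "role-name"):
            role = (r.text or "").strip()
            if role != "*" and role not in defined:
                findings.append(f"role '{role}' is not assigned to any user")
    # BASIC sends the password base64-encoded, not encrypted, on every request.
    methods = [(m.text or "").strip() for m in elems(web, "auth-method")]
    guarantees = [(g.text or "").strip() for g in elems(web, "transport-guarantee")]
    if "BASIC" in methods and "CONFIDENTIAL" not in guarantees:
        findings.append("BASIC auth without a CONFIDENTIAL transport-guarantee")
    for u in elems(users, "user"):
        name = u.get("username") or u.get("name")  # attribute name differs by version
        if u.get("password") in (name, "password"):
            findings.append(f"user '{name}' still has a placeholder password")
    return findings
```

Calling audit(WEB_XML, USERS_XML) on the configuration exactly as given above returns the transport and placeholder-password findings; the role check passes because roles="user" matches <role-name>user</role-name>.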