2. User authentication Previous topic Parent topic Child topic Next topic

XMLmind XSL Server has primarily been designed to be used by Web clients and by other server-side applications as a programmable XML conversion service. As such, by default, user authentication is turned off. The following procedure explains how to turn user authentication on.
Configuring XMLmind XML Server always involves modifying files found in xslsrv.war. This implies unpacking(1) xslsrv.war, modifying some configuration files and then repacking xslsrv.war. Fortunately, this is generally done once for all.


  1. Edit xslsrv/WEB-INF/web.xml (xslsrv/ being the unpacked xslsrv.war) using a text editor and remove the line starting with "<!--AUTH" and also the line ending with "AUTH-->".
      <realm-name>XSL Server</realm-name>
  2. Specify the authentication scheme and specify how to perform the user authentication.
    1. You may want to change the authentication scheme from DIGEST (default value; recommended for production use) to BASIC (simpler to configure).
        <realm-name>XSL Server</realm-name>
    2. Specify to the Servlet Container how the user authentication is to be performed.
      Simplest Tomcat example, assuming a BASIC authentication scheme:
      1. Add directory install_dir/doc/manual/tomcat/META-INF/ to xslsrv.war.
        Directory META-INF/ contains file context.xml:
        <Context ... >
          <Realm className="org.apache.catalina.realm.MemoryRealm" 
      2. Copy install_dir/doc/manual/tomcat/tomcat-users.xml to /opt/tomcat/conf/.
      3. Edit the contents of /opt/tomcat/conf/tomcat-users.xml using a text editor to declare some users:
          <role rolename="user"/>
          <user username="john" password="secret" roles="user"/>

 (1) A .war file is just a ZIP archive having a ".war" suffix.