I assume you know what Tomcat and Docker are. Tomcat image by default has no user and no application deployed. It was designed to fork the image and use it with your own configuration. I couldn’t find any introduction which shows how to deploy your own Tomcat with user management enabled for your side projects. Everything was either too complex for my needs or did not answer the question “how to deploy Tomcat to play with it, deploy in it, destroy it”.

So, here I wrote a simple snippet that builds a local Tomcat docker image with your username and password and enables you to run Spring-Boot project, login from remote IP address (by default you can login only from IP Tomcat is running on).

  1. You need your own Dockerfile which forks Tomcat
  2. tomcat-users.xml file which contains roles, username and password
  3. context.xml file which enables you to login to Tomcat instance from remote IP

You can clone my Tomcat repository from GitLab, modify tomcat-users.xml with your own username and password and built it locally, but here you can see all the source code I used in the repository.

Source for the Dockerfile the image forks tomcat:8.0-jre8, copies local user management file and context to the image. Of course it has to expose port 8080 where Tomcat will be listening for connections:

FROM tomcat:8.0-jre8
COPY tomcat-users.xml /usr/local/tomcat/conf/tomcat-users.xml
COPY context.xml /usr/local/tomcat/webapps/manager/META-INF/context.xml
EXPOSE 8080/tcp

tomcat-users.xml contains list of users, their roles and passwords, it’s simple as that:

<!--?xml version="1.0" encoding="UTF-8"?-->
<tomcat-users xmlns="" xmlns:xsi="" xsi:schemalocation=" tomcat-users.xsd" version="1.0">
  <user username="user" password="password" roles="admin-gui,admin-script,manager-gui,manager-script,manager-status,manager-jmx">

The next one is context.xml which allows you to login to a remote server using your home IP (I deploy Tomcat on my dedicated server and connect to it from home):

<!--?xml version="1.0" encoding="UTF-8"?-->
<context antiresourcelocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

The last part of my setup is to automate the build process. I want to build the image and automatically deploy it in local Docker:

#!/bin/bash -e
docker build . | tee .log.txt
TAG=`cat .log.txt | tail -n1 | awk 'NF&gt;1{printf $NF}'`
docker run --restart=always -it -p 8080:8080 $TAG

Now, when you run bash ./ as root, it will automatically build the image for you and start it.

There are plenty of online tutorials showing how to create database-based authentication for Spring. Some of them use SQL query to authenticate user and retrieve its roles, some use DAO… but none of them worked well for me and all of them had some major problems, even like SQL Injection. So, in this post I will explain my approach and present final solution with a database (MySQL), User and Role class and UserDetailsService implementation.

The goal is to create basic webpage with login form and signup form (which includes fields validation) that handles different roles. Then, you and me can use it as a template project.

This tutorial doesn’t include steps how to setup your IDE and build environment. We’re going straight to code, and I will try to avoid as much boilterplate as possible, so the code won’t include getters and setters. If you still write them by hand, time to learn about Lombok project (which I use here) or any other code generator.

Continue reading

To be able to access two databases in SpringBoot you must define two data sources. In my case I had one database for identity details of users, like username, name, email, address etc. and second database for everything else.

You have to define one @Configuration class for each database and each class will wired its own datasource to services (like JpaRepository or CrudRepository) to defined packages.

Continue reading