Axis2 access control using Tomcat users

1. In the Tomcat installation directory, find the configuration folder, locate the file Tomcat_Home\conf\tomcat-users.xml, and add a role:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>…
  <role rolename="department-manager"/>
  <user username="test" password="test" roles="department-manager"/>
</tomcat-users>

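The configuration above adds a department-manager role to the Tomcat configuration file and adds a user named hellking to that role. For the roles and users configured in tomcat-users.xml to take effect, Tomcat must be configured to use UserDatabaseRealm. Open the Tomcat_Home\conf\server.xml configuration file and add the following description inside GlobalNamingResources:

2. Add UserDatabaseRealm in Tomcat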


<GlobalNamingResources>...
  <Resource name="UserDatabase" auth="Container"
            type="org.apache.catalina.UserDatabase"
            description="User database that can be updated and saved">
  </Resource>
  <ResourceParams name="UserDatabase">
    <parameter>
      <name>factory</name>
      <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
    </parameter>
    <parameter>
      <name>pathname</name>
      <value>conf/tomcat-users.xml</value>
    </parameter>
  </ResourceParams>
</GlobalNamingResources>

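3. Then, in the web application's deployment descriptor (web.xml), specify the access control for the Web service resource, as shown below: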

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Tax Web service</web-resource-name>
    <url-pattern>/services/PersonalTaxService</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>department-manager</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Axis Basic Authentication Area</realm-name>
</login-config>

<security-role>
  <role-name>department-manager</role-name>
</security-role>

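url-pattern specifies the URL pattern that requires role verification, here "/services/PersonalTaxService"; role-name is the role that is allowed to access the specified URL, here department-manager. The configuration above means that only users whose role is "department-manager" can access the Web service at the URL pattern "/services/PersonalTaxService".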
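The following is an added example, not part of the original article: a Python check that parses a deployment descriptor like the one above and flags protected URLs where BASIC (or FORM) credentials would travel without a CONFIDENTIAL transport guarantee, where an http-method list leaves other verbs unconstrained, or where a role is used but never declared. The `<web-app>` wrapper, the hardened variant, the function name `audit` and the finding labels are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the descriptor from this page inside a <web-app> root.
PAGE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Tax Web service</web-resource-name>
      <url-pattern>/services/PersonalTaxService</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>department-manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>department-manager</role-name></security-role>
</web-app>"""

# Constructed input: same constraint plus a CONFIDENTIAL transport guarantee.
HARDENED_WEB_XML = PAGE_WEB_XML.replace(
    "</auth-constraint>",
    "</auth-constraint><user-data-constraint><transport-guarantee>"
    "CONFIDENTIAL</transport-guarantee></user-data-constraint>")

def _texts(node, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [(e.text or "").strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml):
    """Return (url-pattern, finding) pairs for each <security-constraint>."""
    root = ET.fromstring(web_xml)
    auth = (_texts(root, "auth-method") or ["NONE"])[0].upper()
    declared = {r for e in root if e.tag.rsplit("}", 1)[-1] == "security-role"
                for r in _texts(e, "role-name")}
    findings = []
    for sc in (e for e in root if e.tag.rsplit("}", 1)[-1] == "security-constraint"):
        url = ",".join(_texts(sc, "url-pattern"))
        tls = "CONFIDENTIAL" in _texts(sc, "transport-guarantee")
        if auth in ("BASIC", "FORM") and not tls:
            findings.append((url, "cleartext-credentials"))  # only base64 on the wire
        if _texts(sc, "http-method"):  # constraint covers the listed verbs only
            findings.append((url, "unlisted-http-methods-unprotected"))
        for role in _texts(sc, "role-name"):
            if role != "*" and role not in declared:
                findings.append((url, "undeclared-role:" + role))
    return findings

if __name__ == "__main__":
    for name, doc in (("page", PAGE_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(name, audit(doc))
```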

4. Client call:

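// Axis2 1.x package names. CDto, ClientReadProperties and ObjectToXML are the application's own classes.
import javax.xml.namespace.QName;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.rpc.client.RPCServiceClient;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.transport.http.HttpTransportProperties;

public String ClientAccount(CDto abDto){
  RPCServiceClient serviceClient = null;
  String para = null;
  String xmlString = null;
  try {
   serviceClient = new RPCServiceClient();

   // Point the client at the service endpoint read from the properties file
   Options options = serviceClient.getOptions();
   EndpointReference targetEPR = new EndpointReference(ClientReadProperties.getInstence().getProperty("Select"));
   options.setTo(targetEPR);

   // Send the BASIC credentials with the first request instead of waiting for a 401 challenge
   HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
   authenticator.setPreemptiveAuthentication(true);
   authenticator.setUsername("test");
   authenticator.setPassword("test");
   options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);

   QName qname = new QName(ClientReadProperties.getInstence().getProperty("Qurl"), "Select");
   para = ObjectToXML.ObjectToXMLString(abDto); // serialize the DTO to an XML string
   xmlString = (String) serviceClient.invokeBlocking(qname, new Object[] { para }, new Class[] { String.class })[0];
  } catch (Exception e) {
   // getStackTrace() only returns the trace and discards it; print it so failures are visible
   e.printStackTrace();
  }
  return xmlString;
 }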