Procedure

1. Edit xslsrv/WEB-INF/web.xml (xslsrv/ being the unpacked xslsrv.war) using a text editor and remove the line starting with "<!--AUTH" and also the line ending with "AUTH-->".

   <!--AUTH
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>ConvertServlet</web-resource-name>
       <url-pattern>/exec/*</url-pattern>
     </web-resource-collection>
   
     <auth-constraint>
       <role-name>user</role-name>
     </auth-constraint>
   </security-constraint>
   
   <login-config>
     <auth-method>DIGEST</auth-method>
     <realm-name>XSL Server</realm-name>
   </login-config>
   
   <security-role>
     <role-name>user</role-name>
   </security-role>
   AUTH-->

2. Specify the authentication scheme and specify how to perform the user authentication.
   1. You may want to change the authentication scheme from DIGEST (default value; recommended for production use) to BASIC (simpler to configure).

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>XSL Server</realm-name>
      </login-config>

   2. Specify to the Servlet Container how the user authentication is to be performed.
      Simplest Tomcat example, assuming a BASIC authentication scheme:
      1. Add directory install_dir/doc/manual/tomcat/META-INF/ to xslsrv.war.
         Directory META-INF/ contains file context.xml:

         <Context ... >
           <Realm className="org.apache.catalina.realm.MemoryRealm" 
                  pathname="conf/tomcat-users.xml"/>
         </Context>

      2. Copy install_dir/doc/manual/tomcat/tomcat-users.xml to /opt/tomcat/conf/.
      3. Edit the contents of /opt/tomcat/conf/tomcat-users.xml using a text editor to declare some users:

         <tomcat-users>
           <role rolename="user"/>
           <user username="john" password="secret" roles="user"/>
           ...