Although weblogs are generally a public way of sharing ideas and opinions, there may be times when you want to set up a private blog - perhaps a dedicated project blog or a blog that only family members can access. Since Pebble uses the standard Java Servlet security model, setting up a private blog is straightforward.

The web.xml file inside the Pebble WAR file contains a block of text like the following that can serve as a starting point.

        <!--
          this is an example of how to setup a private blog
          (1) set the url-pattern to include the blog(s) you wish to make private
          (2) set the role-name (this can be anything)
          (3) configure users in your security realm (app server specific)
          (4) add the role to the auth-constraint section in the above security constraint
        -->
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>Private Blog Realm</web-resource-name>
            <url-pattern>/privateblog/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>HEAD</http-method>
            <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>privateblog-user</role-name>
          </auth-constraint>
        </security-constraint>

To define a private blog, you need to modify the url-pattern element. Examples for the value of this element are /* to secure an entire blog in single user mode or all blogs in multi-user mode, or /someblog/* to secure a single blog in multi-user mode. Next, set the value of the role-name element to specify which group of users can access the secured resource and this can be any value. Finally you'll need to define the appropriate users in your application/web server security realm. For Tomcat, users are added to the $TOMCAT_HOME/conf/tomcat-users.xml file. After restarting the server, any attempt to access the URL specified in the url-pattern element will require authentication. If you need to have more than one secure blog, copy this security-constraint section and edit the url-pattern and role-name as appropriate.

Note : In multi-user mode, all blogs will automatically show up on the multi-user front page and their content will appear in the combined news feeds. To stop this from occurring you can mark your blog to be private in the blog properties.