tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: IP security constraint
Date Fri, 03 Dec 2004 13:23:57 GMT
No, this "breaks the spec". There are many other simple alternatives. Please 
follow up to the tomcat-user list for more information.

-Tim

Svante Olofsson wrote:

> Hi!
> 
> First off, I think Tomcat is a great product. Thanks! 
> 
> Secondly, do you have any plans on adding something like to web.xml:
> 
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>My Webapp</web-resource-name>
>         <url-pattern>cust1.html</url-pattern>
>     </web-resource-collection>
>     <ip-constraint>
>       <allow>192.168.1.13-192.168.1.55,192.168.10.</allow>
>     <ip-constraint>
> </security-constraint>
> 
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>My Webapp</web-resource-name>
>         <url-pattern>cust2.html</url-pattern>
>     </web-resource-collection>
>     <ip-constraint>
>       <deny>192.168.</deny>
>     <ip-constraint>
> </security-constraint>
> 
> I have looked at the documentation and web, but could not find any other
> information than a commercial package from Cafesoft. I think this kind of
> access control would be very useful since webapps can have static pages that
> should be denied for everyone but a certain ip-range. Example: Customer 1
> has access to a service with a certain look-and-feel and some customer
> specific mods. The name of the page that Customer 1 uses to access the
> webapp is cust1.html and that passes on some parameters. Customer 2 uses the
> same webapp but has a different look-and-feel and accesses the SAME webapp
> through cust2.html. Now it would be nice to limit access to cust1.html and
> cust2.html so that only the respective customer ip-ranges could access them.
> I can do this by installing apache and hooking up Tomcat to it, but I would
> like to use a standalone solution. The Valve functionality is good but it is
> only on webapp level.
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message