tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Candid Dauth" <>
Subject Force authentication except for one IP address
Date Wed, 23 Aug 2006 14:15:22 GMT

we are using JSPWiki here. On our server, every user has to login using his LDAP account before
they can access any page. We implemented this using security-constraint definitions for the
url-pattern /*, and everything works fine.

Now there is a little problem. The Wiki provides a PDF plug-in, which generates a PDF file
out of a Wiki page by transforming the XHTML output from the Wiki to an XML file, which is
converted to PDF by FOP (as far as I know). When inserting images into a page, those images
are accessed by FOP using HTTP, because it can't access them on the local file system (they
are stored in some Wiki specific location). Now, when FOP tries to access the images, it is
not authenticated, which causes Tomcat to return the login form instead of the image. So images
will not be loaded in the PDF file.

Of course I could configure the webapp so that images are accessable for everyone, then the
PDF plug-in could also access them and load them in the PDF files. But this would mean that
everyone out there could also access those images, and we don't want anyone external to be
able to access any data on our Wiki.

The solution would be to force login for everyone on the whole server (as it is at the moment),
excepting the client "localhost" (-->, that should be able to access those images
(url-pattern "/attach/*"). Is there any way to do this?

We have already tried to set up an additional virtual host that grants access only to
to use it for the PDF plug-in, but we couldn't find a way to use a different web.xml file
for another virtual host.

Thanks for your help,
Candid Dauth

Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal für Modem und ISDN:


Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal für Modem und ISDN:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message