tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Mix http and https on one tomcat server?
Date Thu, 18 Jun 2009 20:49:30 GMT
André Warnier wrote:
> Bruce Edge wrote:
> ...
Since I don't really feel like doing what I should really be doing 
tonight, let me elaborate a bit.

The Request comes "into" your webapp, and first hits the filter.
The filter checks if the IP origin of the request is
If it is, it "authenticates" the request with some pre-defined user/role 
(*).  If it's from somewhere else, it doesn't.
Next, the request filters down to your webapp.
The security environment around your webapp (Tomcat's doing, according 
to your setup) checks if the request is authenticated.  If it is, it 
goes through to your webapp.  If not, it is intercepted by the normal 
authentication mechanism.

Now the (*) bit, I'll leave to the experts, because I don't really have 
a clue how to write something like that.  All I know is that there must 
be some UserPrincipal kind of object involved there.

But I think that the urlrewritefilter also can do the dirty stuff for 
you there.
I'll go check, cause I'm also interested.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message