tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Mix http and https on one tomcat server?
Date Thu, 18 Jun 2009 21:03:29 GMT
André Warnier wrote:
and he's back.
Browsing the documentation of urlrewritefilter, at

In the <condition> element, one of the conditions is :
remote-addr	The IP address of the host making the request, e.g. i.e. request.getRemoteAddr()

So you can definitely test on

You can also, subsequent to this test, re-direct the request somewhere 
else (have not yet found the rule for that).

So one way to do what you want joins a previous suggestion of Chuck :
- duplicate your webapp
   - have it set up once as
         (with the authentication bit)
   - and again as
      (the same, just omit the authentication section in web.xml)

Then, set up urlrewritefilter so :
- if the request to /thewebapp comes from, re-direct it 
(internally) to /thewebapp-internal
- otherwise, don't do anything (and it will hit the normal 
authentication of /thewebapp

Inconvenient : requests that go through /theweapp-internal have /no/ 
authentication.  If your webapp really needs one (internally), then you 
have a problem.  But if the authentication is merely to restrict access, 
and the user-id is not used inside, then you're ok.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message