tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Mikusa <dmik...@vmware.com>
Subject Re: making security constraints configureable
Date Thu, 03 Nov 2011 18:09:14 GMT
Leon,

Is it a requirement for you to use BASIC auth?  or could you use
something like the Remote Address Filter to restrict by IP address?

https://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter

If you configure this valve in the restricted environment you can then
control who can access to just that environment.

Dan


On Thu, 2011-11-03 at 10:10 -0700, Leon Rosenberg wrote:
> Hello,
> 
> I have a situation where an application is accessable from outside in
> staging and production environment, but shouldn't be open for public
> in staging environment.
> What we did so far was, that we excluded everyone via web.xml:
> 
> 
>         <!-- security configuration -->
>         <login-config>
>                 <auth-method>BASIC</auth-method>
>         </login-config>
>         <security-role>
>                 <role-name>my-access</role-name>
>         </security-role>
>         <security-constraint>
>                 <display-name>blub</display-name>
>                 <web-resource-collection>
>                         <web-resource-name>myres</web-resource-name>
>                         <url-pattern>*.html</url-pattern>
>                 </web-resource-collection>
>                 <auth-constraint>
>                         <role-name>my-access</role-name>
>                 </auth-constraint>
>         </security-constraint>
>         <!-- /security configuration -->
> 
> Is there any possibility to make this conditional, depending on an
> environment property? Is there any other opportunity to achieve the
> same?
> Currently we have to kill the above lines from web.xml after each
> deployment and this sucks ;-(
> 
> regards
> Leon
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
Mime
View raw message