tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Mikusa <dmik...@vmware.com>
Subject Re: making security constraints configureable
Date Mon, 07 Nov 2011 14:22:52 GMT
Leon,

One possible way to work around this would be to use an SSH tunnel or a
VPN (like OpenVPN) to access your network from the remote locations.

Dan


On Sat, 2011-11-05 at 08:53 -0700, Leon Rosenberg wrote:
> Hello Daniel,
> 
> I can't use IP-Adresses, because it is possible that we show the
> preproduction system in a starbucks to some customers for user testing
> purposes.
> I have no means to know which adresses are allowed and which not.
> 
> regards
> Leon
> 
> On Thu, Nov 3, 2011 at 7:09 PM, Daniel Mikusa <dmikusa@vmware.com> wrote:
> > Leon,
> >
> > Is it a requirement for you to use BASIC auth?  or could you use
> > something like the Remote Address Filter to restrict by IP address?
> >
> > https://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter
> >
> > If you configure this valve in the restricted environment you can then
> > control who can access to just that environment.
> >
> > Dan
> >
> >
> > On Thu, 2011-11-03 at 10:10 -0700, Leon Rosenberg wrote:
> >> Hello,
> >>
> >> I have a situation where an application is accessable from outside in
> >> staging and production environment, but shouldn't be open for public
> >> in staging environment.
> >> What we did so far was, that we excluded everyone via web.xml:
> >>
> >>
> >>         <!-- security configuration -->
> >>         <login-config>
> >>                 <auth-method>BASIC</auth-method>
> >>         </login-config>
> >>         <security-role>
> >>                 <role-name>my-access</role-name>
> >>         </security-role>
> >>         <security-constraint>
> >>                 <display-name>blub</display-name>
> >>                 <web-resource-collection>
> >>                         <web-resource-name>myres</web-resource-name>
> >>                         <url-pattern>*.html</url-pattern>
> >>                 </web-resource-collection>
> >>                 <auth-constraint>
> >>                         <role-name>my-access</role-name>
> >>                 </auth-constraint>
> >>         </security-constraint>
> >>         <!-- /security configuration -->
> >>
> >> Is there any possibility to make this conditional, depending on an
> >> environment property? Is there any other opportunity to achieve the
> >> same?
> >> Currently we have to kill the above lines from web.xml after each
> >> deployment and this sucks ;-(
> >>
> >> regards
> >> Leon
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
Mime
View raw message