tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Terence M. Bandoian" <>
Subject Re: making security constraints configureable
Date Mon, 07 Nov 2011 19:45:21 GMT
  On 1:59 PM, Konstantin Kolinko wrote:
> 2011/11/3 Leon Rosenberg<>:
>> I have a situation where an application is accessable from outside in
>> staging and production environment, but shouldn't be open for public
>> in staging environment.
> Put it behind Apache HTTPD (or any other proxy) and let HTTPD handle
> authentication&  authorization instead of Tomcat.
> I'd advise against using BASIC auth in public internet, unless the
> channel is protected with HTTPS.
>> What we did so far was, that we excluded everyone via web.xml:
> You can automate the above. If you pack your war file using Ant, you
> can use<replaceregexp>  task.
> Best regards,
> Konstantin Kolinko

I'm not sure what "open for public" means above.

What about using a system property (e.g. myorg.myapp.isStagingEnv=true) 
in a filter or valve to accept or reject requests?

-Terence Bandoian

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message