tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leon Rosenberg <rosenberg.l...@gmail.com>
Subject Re: making security constraints configureable
Date Sat, 05 Nov 2011 15:53:28 GMT
Hello Daniel,

I can't use IP-Adresses, because it is possible that we show the
preproduction system in a starbucks to some customers for user testing
purposes.
I have no means to know which adresses are allowed and which not.

regards
Leon

On Thu, Nov 3, 2011 at 7:09 PM, Daniel Mikusa <dmikusa@vmware.com> wrote:
> Leon,
>
> Is it a requirement for you to use BASIC auth?  or could you use
> something like the Remote Address Filter to restrict by IP address?
>
> https://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter
>
> If you configure this valve in the restricted environment you can then
> control who can access to just that environment.
>
> Dan
>
>
> On Thu, 2011-11-03 at 10:10 -0700, Leon Rosenberg wrote:
>> Hello,
>>
>> I have a situation where an application is accessable from outside in
>> staging and production environment, but shouldn't be open for public
>> in staging environment.
>> What we did so far was, that we excluded everyone via web.xml:
>>
>>
>>         <!-- security configuration -->
>>         <login-config>
>>                 <auth-method>BASIC</auth-method>
>>         </login-config>
>>         <security-role>
>>                 <role-name>my-access</role-name>
>>         </security-role>
>>         <security-constraint>
>>                 <display-name>blub</display-name>
>>                 <web-resource-collection>
>>                         <web-resource-name>myres</web-resource-name>
>>                         <url-pattern>*.html</url-pattern>
>>                 </web-resource-collection>
>>                 <auth-constraint>
>>                         <role-name>my-access</role-name>
>>                 </auth-constraint>
>>         </security-constraint>
>>         <!-- /security configuration -->
>>
>> Is there any possibility to make this conditional, depending on an
>> environment property? Is there any other opportunity to achieve the
>> same?
>> Currently we have to kill the above lines from web.xml after each
>> deployment and this sucks ;-(
>>
>> regards
>> Leon
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message