Leon,
Is it a requirement for you to use BASIC auth? or could you use
something like the Remote Address Filter to restrict by IP address?
https://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter
If you configure this valve in the restricted environment you can then
control who can access to just that environment.
Dan
On Thu, 2011-11-03 at 10:10 -0700, Leon Rosenberg wrote:
> Hello,
>
> I have a situation where an application is accessable from outside in
> staging and production environment, but shouldn't be open for public
> in staging environment.
> What we did so far was, that we excluded everyone via web.xml:
>
>
> <!-- security configuration -->
> <login-config>
> <auth-method>BASIC</auth-method>
> </login-config>
> <security-role>
> <role-name>my-access</role-name>
> </security-role>
> <security-constraint>
> <display-name>blub</display-name>
> <web-resource-collection>
> <web-resource-name>myres</web-resource-name>
> <url-pattern>*.html</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>my-access</role-name>
> </auth-constraint>
> </security-constraint>
> <!-- /security configuration -->
>
> Is there any possibility to make this conditional, depending on an
> environment property? Is there any other opportunity to achieve the
> same?
> Currently we have to kill the above lines from web.xml after each
> deployment and this sucks ;-(
>
> regards
> Leon
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
|