tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: web.xml processing order of directives - filter vs security-constraint
Date Sat, 05 Jul 2014 13:26:38 GMT
2014-07-05 11:41 GMT+04:00 Falco Schwarz <hiding@falco.me>:
> I should add that the IP restriction is applied via filter, not with a
> tomcat Valve. Essentially the question breaks down to this:
>
> Is it possible in any way for a filter to be applied before the evaluation
> of the security-constraint? Or is there any other way of setting up an IP
> filter combined with authentication given the order from above?

No. A security-constraint is applied before the request reaches a web
application.

You can either perform IP filtering in a Valve (that will be in the
pipeline before an Authenticator), or you can remove
security-constraint and implement authentication and authorization in
a filter (such as Security Filter, or using Spring Security framework).
http://wiki.apache.org/tomcat/AddOns#Filters


Best regards,
Konstantin Kolinko
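
The first option from the reply above, sketched as configuration. This is an added example, not part of the original message; the address range, URL pattern and role name are constructed placeholders, and the Valve shown is Tomcat's stock `RemoteAddrValve`.

```xml
<!-- Added example, not from the original message. The address range,
     URL pattern and role name are constructed placeholders. -->

<!-- META-INF/context.xml: a Valve declared here sits in the Context pipeline
     ahead of the Authenticator, so a request from any other address is
     rejected (403 by default) before a login challenge is sent. -->
<Context>
  <!-- allow is a regular expression matched against the client IP address -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="192\.0\.2\.\d+" />
</Context>

<!-- WEB-INF/web.xml (fragment): the container still enforces authentication
     and authorization for requests that passed the Valve. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Restricted area</realm-name>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
```

Unlike a filter mapping, a Valve in `context.xml` applies to every request for the context, not only to `/admin/*`. Behind a reverse proxy the address the Valve sees is the proxy's unless the real client address is restored first.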
