tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: web.xml processing order of directives - filter vs security-constraint
Date Sat, 05 Jul 2014 13:26:38 GMT
2014-07-05 11:41 GMT+04:00 Falco Schwarz <>:
> I should add that the IP restriction is applied via filter, not with a
> tomcat Valve. Essentially the question breaks down to this:
> Is it possible in any way for a filter to be applied before the evaluation
> of the security-constraint? Or is there any other way of setting up an IP
> filter combined with authentication given the order from above?

No. A security-constraint is applied before the request reaches a web

You can either perform IP filtering in a Valve (that will be in the
pipeline before an Authenticator), or you can remove
security-constraint and implement authentication and authorization in
a filter (such as Security Filter, or using Spring Security framework)

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message