tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Falco Schwarz <>
Subject web.xml processing order of directives - filter vs security-constraint
Date Fri, 04 Jul 2014 14:37:32 GMT

I am trying to set up the jmx proxy servlet and am kinda stuck on security.
I would like to:

- restrict access to localhost
- restrict access to require basic authentication

Currently it works, though in the wrong order. This is how the request is
being processed right now:

1) user accesses /infra/jmx
2) user has to authenticate
3) user is being denied

Is it possible to switch step 2 and 3?

Relevant parts of web.xml, webapp is called infra:



      <web-resource-name>JMX Proxy interface</web-resource-name>
    <realm-name>JMX Proxy</realm-name>
      The role that is required to access the JMX Proxy

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message