2014-07-05 11:41 GMT+04:00 Falco Schwarz <hid...@falco.me>:
> I should add that the IP restriction is applied via filter, not with a
> Tomcat Valve. Essentially the question breaks down to this:
>
> Is it possible in any way for a filter to be applied before the evaluation
> of the security-constraint? Or is there any other way of setting up an IP
> filter combined with authentication given the order from above?

No. A security-constraint is applied before the request reaches a web
application.

You can either perform IP filtering in a Valve (that will be in the
pipeline before an Authenticator), or you can remove
security-constraint and implement authentication and authorization in
a filter (such as Security Filter, or using the Spring Security framework).
http://wiki.apache.org/tomcat/AddOns#Filters


Best regards,
Konstantin Kolinko
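
The Valve option from the reply above, sketched as an added example (not part of the original message). It assumes Tomcat 7 or later, where the `allow` attribute of RemoteAddrValve is a single Java regular expression. The addresses are constructed sample values, and the security-constraint in web.xml stays as it is.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- META-INF/context.xml of the web application (added example) -->
<Context>
  <!-- A Valve declared here sits in the Context pipeline ahead of the
       Authenticator that Tomcat installs for the security-constraint, so a
       request from a disallowed address is rejected (403 by default) before
       any authentication challenge is sent. -->
  <!-- 'allow' is matched against the whole remote address.
       Constructed sample values: loopback plus one internal /24. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1|192\.168\.10\.\d+" />
</Context>
```

If Tomcat sits behind a reverse proxy, the Valve sees the proxy's address rather than the client's, so the pattern has to be checked against the address Tomcat actually receives.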
