Chris, it is just authentication basic.
I definitely want authentication for remote access, but I had hoped I could override this with a Valve for local access. Anyway, I'll spare the two apps and do two Servlet mappings /local /remote protect /remote with <security-constraint> and check in the servlet code if Servlet Path == local && remote IP in local network And I'll try to mod_rewrite /remote to /local if in local network. Juergen Am Do., 12. Nov. 2020 um 14:43 Uhr schrieb Christopher Schultz <ch...@christopherschultz.net>: > > Jürgen, > > On 11/12/20 06:30, Jürgen Weber wrote: > > I'd like to have web app security if accessed from outside the local > > network. > > > > if (!local) > > check <security-constraint> > > > > > > Is this possible? with RemoteHostValve ? > > You cam simulate it, but you can't use <security-constraint> in web.xml > and also get a "local" carve-out for it. > > What kind of <security-constraint> are you trying to remove? > > Here are some options: > > 1. Review why you want to do this in the first place. What makes "local" > so special? > > 2. Deploy two instances of your application, one of which only allows > "local" access and does NOT have the <security-constraint> in web.xml. > > 3. Remove the <security-constraint> from web.xml completely, and use a > Filter/Valve to enforce your security policy. > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
