Chris,

it is just authentication basic.

I definitely want authentication for remote access, but I had hoped I
could override this with a Valve for local access.

Anyway, I'll spare the two apps and do two Servlet mappings

/local
/remote

protect /remote with <security-constraint>
and check in the servlet code if Servlet Path == local && remote IP in
local network

And I'll try to mod_rewrite /remote to /local if in local network.


Juergen

Am Do., 12. Nov. 2020 um 14:43 Uhr schrieb Christopher Schultz
<ch...@christopherschultz.net>:
>
> Jürgen,
>
> On 11/12/20 06:30, Jürgen Weber wrote:
> > I'd like to have web app security if accessed from outside the local 
> > network.
> >
> > if (!local)
> >     check <security-constraint>
> >
> >
> > Is this possible? with RemoteHostValve ?
>
> You cam simulate it, but you can't use <security-constraint> in web.xml
> and also get a "local" carve-out for it.
>
> What kind of <security-constraint> are you trying to remove?
>
> Here are some options:
>
> 1. Review why you want to do this in the first place. What makes "local"
> so special?
>
> 2. Deploy two instances of your application, one of which only allows
> "local" access and does NOT have the <security-constraint> in web.xml.
>
> 3. Remove the <security-constraint> from web.xml completely, and use a
> Filter/Valve to enforce your security policy.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to