-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bruce,
On 6/16/2009 7:44 PM, Bruce Edge wrote: > I have tomcat working with ssl, but I'd like to allow localhost clients to > use no authentication. > > Is it possible to deploy the same service with authentication to external > addresses and no auth to 127.0.0.1? This is not possible to do with Tomcat's built-in authentication mechanism on a single webapp deployment. You do have some options, though: 1. Deploy the app twice, once with security conditions and once without. Restrict the condition-less deployment to 127.0.0.1. 2. If this is just a few URIs that work this way, consider giving them alternative mappings that are only available on 127.0.0.1, and do not put access restrictions on them. Remember that your code may expect that a valid principal (aka user) is associated with a request, so don't forget to fully-test your code. 3. Use a different authenticator like securityfilter (http://securityfilter.sourceforge.net) and write your own Realm that auto-authenticates and authorizes anyone from 127.0.0.1 Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko5KjEACgkQ9CaO5/Lv0PBxrgCgmV4qvi2RHS8okQB1NFP20H5v y1gAoJdOJPPDB2FO+8rjy3gpOICph3L2 =LUd3 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
