Hello Daniel, I can't use IP-Adresses, because it is possible that we show the preproduction system in a starbucks to some customers for user testing purposes. I have no means to know which adresses are allowed and which not.
regards Leon On Thu, Nov 3, 2011 at 7:09 PM, Daniel Mikusa <dmik...@vmware.com> wrote: > Leon, > > Is it a requirement for you to use BASIC auth? or could you use > something like the Remote Address Filter to restrict by IP address? > > https://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter > > If you configure this valve in the restricted environment you can then > control who can access to just that environment. > > Dan > > > On Thu, 2011-11-03 at 10:10 -0700, Leon Rosenberg wrote: >> Hello, >> >> I have a situation where an application is accessable from outside in >> staging and production environment, but shouldn't be open for public >> in staging environment. >> What we did so far was, that we excluded everyone via web.xml: >> >> >> <!-- security configuration --> >> <login-config> >> <auth-method>BASIC</auth-method> >> </login-config> >> <security-role> >> <role-name>my-access</role-name> >> </security-role> >> <security-constraint> >> <display-name>blub</display-name> >> <web-resource-collection> >> <web-resource-name>myres</web-resource-name> >> <url-pattern>*.html</url-pattern> >> </web-resource-collection> >> <auth-constraint> >> <role-name>my-access</role-name> >> </auth-constraint> >> </security-constraint> >> <!-- /security configuration --> >> >> Is there any possibility to make this conditional, depending on an >> environment property? Is there any other opportunity to achieve the >> same? >> Currently we have to kill the above lines from web.xml after each >> deployment and this sucks ;-( >> >> regards >> Leon >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
