On 1:59 PM, Konstantin Kolinko wrote:
2011/11/3 Leon Rosenberg<rosenberg.l...@gmail.com>:
I have a situation where an application is accessable from outside in
staging and production environment, but shouldn't be open for public
in staging environment.
Put it behind Apache HTTPD (or any other proxy) and let HTTPD handle
authentication& authorization instead of Tomcat.
I'd advise against using BASIC auth in public internet, unless the
channel is protected with HTTPS.
What we did so far was, that we excluded everyone via web.xml:
You can automate the above. If you pack your war file using Ant, you
can use<replaceregexp> task.
Best regards,
Konstantin Kolinko
I'm not sure what "open for public" means above.
What about using a system property (e.g. myorg.myapp.isStagingEnv=true)
in a filter or valve to accept or reject requests?
-Terence Bandoian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
