need allowed ips to bypass user authentication and vice-versa

[Doug Black <do...@westrockvisions.com>]

I would have thought this need was common, but I found just one old thread on 
this list of a similar problem, and I didn't understand the answers or they 
seem to difficult. I need to allow certain IP ranges access to a particular 
context and require all others to enter a username and password. I can set up 
an effective valve for the ips (or hosts) and an effective realm for users but 
all allowed ips are forced through the realm and all denied ips only receive a 
403 status message. If I understood the suggestion to the earlier similar 
thread I would have to write my own valve to redirect the IPs appropriately. 
Is there any easier way with appropriate nesting of the valve and realm or 
perhaps an easier way to redirect the 403 message and put the realm in another 
context and then redirect to the original context. If not, where do I get 
guidance on writing my own valve?


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org