You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ujjain <ic...@gmail.com> on 2009/04/10 11:56:48 UTC
Setting up web authentication login for a webapp, but with an
exception for 1 ip address?
I am currently securing my webapp with web authentication via this code in
web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>
Administration Interface
</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Restricted Access: Administration</realm-name>
</login-config>
<security-role>
<description>System Administrators</description>
<role-name>admin</role-name>
</security-role>
</web-app>
But I wish to be able to allow 1 ip to access this web-app without logging
in, because the monitoring application server cannot be set to automatically
log in using a username and password.
--
View this message in context: http://www.nabble.com/Setting-up-web-authentication-login-for-a-webapp%2C-but-with-an-exception-for-1-ip-address--tp22985772p22985772.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Setting up web authentication login for a webapp, but with an
exception for 1 ip address?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck,
On 4/10/2009 8:09 AM, Caldarale, Charles R wrote:
>> From: ujjain [mailto:iceujjain@gmail.com]
>> Subject: Setting up web authentication login for a webapp, but with
>> anexception for 1 ip address?
>>
>> But I wish to be able to allow 1 ip to access this web-app
>> without logging in
>
> I don't think you can do that with standard container-managed security. You may be able to do it programatically with a filter based on the SecurityFilter from here:
> http://securityfilter.sourceforge.net/
Just like with Tomcat, secureityfilter would require a custom realm to
be written that adds an exception for an ip address. The advantage of
using sf is that you don't tie yourself to a single version of Tomcat by
hacking the existing authentication and authorization valve.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknfbncACgkQ9CaO5/Lv0PAgLgCgofI11QuWmS/BosDaX+Bk9/0X
WhUAoLuI1rTMq/fnOD9r2NTIGDXROYGD
=GXhT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Setting up web authentication login for a webapp, but with
anexception for 1 ip address?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: ujjain [mailto:iceujjain@gmail.com]
> Subject: Setting up web authentication login for a webapp, but with
> anexception for 1 ip address?
>
> But I wish to be able to allow 1 ip to access this web-app
> without logging in
I don't think you can do that with standard container-managed security. You may be able to do it programatically with a filter based on the SecurityFilter from here:
http://securityfilter.sourceforge.net/
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org