Posted to users@tomcat.apache.org by Bruce Edge <br...@gmail.com> on 2009/06/17 01:44:37 UTC

Address based security profile?

Hi,
I have Tomcat working with SSL, but I'd like to allow localhost clients to
use no authentication.

Is it possible to deploy the same service with authentication to external
addresses and no auth to 127.0.0.1?
If this is in the docs, could someone send me a link to this section?

Thanks

-Bruce

Re: Address based security profile?

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Bruce,

On 6/16/2009 7:44 PM, Bruce Edge wrote:
> I have Tomcat working with SSL, but I'd like to allow localhost clients to
> use no authentication.
> 
> Is it possible to deploy the same service with authentication to external
> addresses and no auth to 127.0.0.1?

This is not possible to do with Tomcat's built-in authentication
mechanism on a single webapp deployment. You do have some options, though:

1. Deploy the app twice, once with security conditions and once without.
Restrict the condition-less deployment to 127.0.0.1.

2. If this is just a few URIs that work this way, consider giving them
alternative mappings that are only available on 127.0.0.1, and do not
put access restrictions on them. Remember that your code may expect that
a valid principal (aka user) is associated with a request, so don't
forget to fully test your code.

3. Use a different authenticator like securityfilter
(http://securityfilter.sourceforge.net) and write your own Realm that
auto-authenticates and authorizes anyone from 127.0.0.1.

Hope that helps,
-chris
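
Option 1 from the reply above, sketched as Tomcat configuration. This is an added example, not part of the original thread; the context name `myapp-local`, the role `user`, the realm name and the choice of BASIC authentication are assumptions.

```xml
<!-- File 1 (constructed): META-INF/context.xml of the copy deployed WITHOUT
     security constraints, e.g. as the hypothetical context "myapp-local".
     RemoteAddrValve rejects every request whose remote address does not
     match the "allow" regular expression. -->
<Context>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1" />
</Context>

<!-- File 2 (constructed): fragment of WEB-INF/web.xml of the copy that
     external clients use. Every URL requires an authenticated user in the
     assumed role "user", and only over SSL (CONFIDENTIAL). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myapp</realm-name>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
```

The valve checks the address of the TCP peer, so if a reverse proxy on the same host forwards requests to Tomcat, every proxied request appears to come from 127.0.0.1 and would reach the unauthenticated copy. Clients connecting over the IPv6 loopback address are not matched by this pattern and are rejected.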