I'm working on the same problem.
1st) To restrict access to certain IP addresses, I think you need to add
the security.allowedAddresses= line in your jserv.properties file. Check
out http://jserv.apache.org/jserv/install/howto.security.html
Now, on to your real question: how to force authentication on specific
servlets. The only way that I have found to do this so far is to use the
HttpServletRequest function getRemoteUser(). This function returns the
username of the authenticated user (I haven't tried it yet) and you could
use this to call your own function to check security.
Anyone else have some better suggestions?
Thanks,
Stirling
-----Original Message-----
From: Mark Ashworth [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 17, 1999 2:00 PM
To: Java Apache Users
Subject: Servlet Authentication
I'm trying to force Authentication when a user calls a servlet in the
same way Apache forces Authentication for directories protected by an
.htaccess file.
I tried using
<Location /servlets/mysevlet>
order deny,allow
deny from all
allow from someIP_or_domain.com
</Location>
Can I set the "allow from ..." line to use a security realm rather than
a domain or IP?
Incidently, when I set allow to fixed IP address that did not restrict
the servlet from other IP address. Can anyone shed light on this
problem?
--Mark Ashworth
----------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://www.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
----------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://www.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
