Do it inside your configuration. I'm using a perl-auth handler here but it
works the same for plain basic authentication.
<Location /servlets/com.norrellis.someservlet>
AuthName "Norrel Training Admin" AuthType Basic
PerlAuthenHandler Apache::AuthenCache Apache::AuthenDBI
Apache::AuthenCache::manage_cache
PerlSetVar Auth_DBI_encrypted off
PerlSetVar AuthenCache_encrypted on
PerlSetVar Auth_DBI_casesensitive off
PerlSetVar Auth_DBI_data_source
dbi:Sybase:interfaces=/usr/local/sybase/interfaces;server=NIS
PerlSetVar Auth_DBI_username xxxxxxxx
PerlSetVar Auth_DBI_password xxxxxxxx
PerlSetVar Auth_DBI_pwd_table xxxxxxx
PerlSetVar Auth_DBI_uid_field xxxxxx
PerlSetVar Auth_DBI_pwd_field xxxxx
<Limit GET>
require user xxxxx
</Limit>
</Location>
-stephan
Stirling Olson wrote:
> I'm working on the same problem.
>
> 1st) To restrict access to certain IP addresses, I think you need to add
> the security.allowedAddresses= line in your jserv.properties file. Check
> out http://jserv.apache.org/jserv/install/howto.security.html
>
> Now, on to your real question: how to force authentication on specific
> servlets. The only way that I have found to do this so far is to use the
> HttpServletRequest function getRemoteUser(). This function returns the
> username of the authenticated user (I haven't tried it yet) and you could
> use this to call your own function to check security.
>
> Anyone else have some better suggestions?
>
> Thanks,
> Stirling
>
> -----Original Message-----
> From: Mark Ashworth [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 17, 1999 2:00 PM
> To: Java Apache Users
> Subject: Servlet Authentication
>
> I'm trying to force Authentication when a user calls a servlet in the
> same way Apache forces Authentication for directories protected by an
> .htaccess file.
>
> I tried using
>
> <Location /servlets/mysevlet>
> order deny,allow
> deny from all
> allow from someIP_or_domain.com
> </Location>
>
> Can I set the "allow from ..." line to use a security realm rather than
> a domain or IP?
>
> Incidently, when I set allow to fixed IP address that did not restrict
> the servlet from other IP address. Can anyone shed light on this
> problem?
>
> --Mark Ashworth
>
> ----------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://www.working-dogs.com/>
> Problems?: [EMAIL PROTECTED]
>
> ----------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://www.working-dogs.com/>
> Problems?: [EMAIL PROTECTED]
----------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://www.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
