Different security constraints for different ip addresses
I want to be able to give non login authorization for a local subnet, but force everybody else to login to a site. Can I do this with combinations of ip-constraint and auth-constraint in web.xml? Something like the following would give access to a private subnet. Could I give access to everybody else by forcing them to login? security-constraint web-resource-collection url-pattern/admin/*/url-pattern /web-resource-collection ip-constraint allow192.168.1.0/24/allow /ip-constraint /security-constraint Thanks. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Different security constraints for different ip addresses
Omar Eljumaily wrote: I want to be able to give non login authorization for a local subnet, but force everybody else to login to a site. Can I do this with combinations of ip-constraint and auth-constraint in web.xml? No, since the servlet spec does not define a constraint based on ip-address. Options that would work include: - a filter - separate contexts and a remote address valve Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]