They used to be all "interface" servlets, but then I unified all external
interface access into one simple servlet that forwards the request to the
appropriate service. This way it should be easier to control the access to
that context (e.g., protect it with a password, deny access to "internal"
services, etc.). The "internal" contexts also provide service to other
internal servers.
----- Original Message -----
From: "Markus Schönhaber" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, April 06, 2006 17:23
Subject: Re: access control
Zohar wrote:
I have a few servlets which are deployed to different contexts (each
servlet to its own context). One of these servlets acts as an interface
to
clients, and it forwards the requests from clients to the appropriate
servlets. I don't want any of the non-interface servlets to be accessible
to clients (but they must still be accessible to the interface servlet).
How do I do that?
You could, for example, use a Remote Address Filter or a Remote Host
Filter
for the contexts you don't want to be accessible:
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Remote%20Address%20Filter
But would you mind to elaborate a little why you put servlets into
contexts
you don't want to be accessible or why it is neccessary for those
"non-interface servlets" to be servlets at all?
Regards
mks
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]