I would like to be able to configure a web application with optional
security restrains. Basically I only want the application to be secured
only if an external setting such as a realm is present or application
context parameter is set.
In secure mode I want to use form based authentication as defined in the
web.xml in the usual way.
In unsecured mode I want to allow all access to the application.
I know how to update server.xml and web.xml to achieve both
independently, but I am looking for toggle to allow me to control the
operations mode outside of the application.
Would it work to create a realm which always allows access and then
configure either a proper authenticating or a less-proper allow-all
realm in the server.xml file ? Would this still prompt users for access ?
Any other suggestions on this ?
Kind regards
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org