-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 AHartner,
On 6/8/15 3:45 PM, AHartner wrote: > I would like to be able to configure a web application with > optional security restrains. Basically I only want the application > to be secured only if an external setting such as a realm is > present or application context parameter is set. > > In secure mode I want to use form based authentication as defined > in the web.xml in the usual way. > > In unsecured mode I want to allow all access to the application. What User Principal should be used when the application is in "unsecured mode"? What should the roles be for that principal? > I know how to update server.xml and web.xml to achieve both > independently, but I am looking for toggle to allow me to control > the operations mode outside of the application. > > Would it work to create a realm which always allows access and > then configure either a proper authenticating or a less-proper > allow-all realm in the server.xml file ? Would this still prompt > users for access ? Yes, FORM authentication will always ask for credentials if there is no user principal available. If you know which user you'd like to use for auto-login, why not create a Valve that checks for your context parameter and auto-logs-in the user if you are in "unsecured mode"? You should be able to use the HttpServletRequest.login() method to perform the auto-login. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVdf7vAAoJEBzwKT+lPKRY1kcQAIqyHg4PbabLj57hJU4ubDme IEEGee77MVVrJP5eczMNjIT46vvQnz6mcdduCMEetzFFtXRvubm4A7noZwZICNec A9mMSMVLtVw2QpX92Gf2kPr8t1ECPoII5kgcu4ey0uDqYIvhBuPtmsirK5nZrZ83 0dMVy47/1Lyh77Rf6cIv/GlY9aLNuIMSsTY7Vdx/oqSNRG9lSt1gZAjm6tNCkqOn 3KCZMaSORwfgt2w/LrRXAmxoZKctSYmsPwJ8dJwcU4tGzUko39xdxLy34Q657vTt nPXYRwkT0eOOPKWNeW/hCKcwAtP23HZzm5yuTC6TcqFxWiKJRt6NvkRa9E094DIf 3qaURHAnXlwE8yDtBXt/aiX5+qAA5Upedd/sWbv/5vnC6O//eo5ZO4pmfjOrBdRT nSSINBKI7o3NDvi37nXM+K8HHX/xuNKET6liQwEp57pz+seqIumQF5G3CuxmEa+W DrBduPA3iXPv/nqOHRVm4yb9airKFy8KdarTNRH/GgnuhuzFHBUlqRlS8tU6i4uF 05q1m316uwL9sdiDQmkP5TJ5Hgg7kk+KJHeYiKluJVEU1BjruzlGKKzHMCcrJ6yO LuiZW5nM1vbHC+SVMY/ZQXdeu/L/twQqAhllOULZGu396jBpQMmXiPYb4m/KkqhF da1JIXaTzxqGETaRz3h8 =blvG -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org