Andre,
On 20.11.2015 17:44, André Warnier (tomcat) wrote:
Well, you can use a lot more conditions in urlrewrite filter, such as a
client IP + URL patterns + lots more. And you can combine them using the
type="next".
Your original post said "My webapp have a set of resources, let's call
that set R. Some of those resources need to be accessed only from
certain source IP addresses, let's call that subset R'. And some subset
of R' (let's call it R'') needs authentication."
So if I get this correctly,
for R'' you have 3 requirements :
- a URL matching R'' (check with "request-url" or "request-uri")
- a remote IP (check with "remote_addr")
- an authenticated user (check with "remote_user" not blank)
and if it does not match the last 2, return "not found" or "forbidden"
or a login page
(or anything else that strikes your fancy)
Thanks for calrifying. I am using urlrewritefilter, for some basic
stuff, but I will take a look if it can also be used for this scenario.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
