Jürgen,
On 11/12/20 06:30, Jürgen Weber wrote:
I'd like to have web app security if accessed from outside the local network.
if (!local)
check <security-constraint>
Is this possible? with RemoteHostValve ?
You cam simulate it, but you can't use <security-constraint> in web.xml
and also get a "local" carve-out for it.
What kind of <security-constraint> are you trying to remove?
Here are some options:
1. Review why you want to do this in the first place. What makes "local"
so special?
2. Deploy two instances of your application, one of which only allows
"local" access and does NOT have the <security-constraint> in web.xml.
3. Remove the <security-constraint> from web.xml completely, and use a
Filter/Valve to enforce your security policy.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
