Jürgen,

On 11/12/20 09:50, Jürgen Weber wrote:
Chris,

it is just authentication basic.

I definitely want authentication for remote access, but I had hoped I
could override this with a Valve for local access.
Anyway, I'll spare the two apps and do two Servlet mappings

/local
/remote

protect /remote with <security-constraint>
and check in the servlet code if Servlet Path == local && remote IP in
local network

You can definitely do that with the RemoteIPValve and/or RemoteIPFilter. No need to write any new code.

And I'll try to mod_rewrite /remote to /local if in local network.

That would work, but be aware of playing games with URL spaces. It can be a real pain in the neck to hit every case.

What's wrong with local users authenticating? I don't trust my network that much.

-chris

On Thu, 12 Nov 2020 at 14:43, Christopher Schultz
<ch...@christopherschultz.net> wrote:

Jürgen,

On 11/12/20 06:30, Jürgen Weber wrote:
I'd like to have web app security if accessed from outside the local network.

if (!local)
     check <security-constraint>


Is this possible? with RemoteHostValve ?

You can simulate it, but you can't use <security-constraint> in web.xml
and also get a "local" carve-out for it.

What kind of <security-constraint> are you trying to remove?

Here are some options:

1. Review why you want to do this in the first place. What makes "local"
so special?

2. Deploy two instances of your application, one of which only allows
"local" access and does NOT have the <security-constraint> in web.xml.

3. Remove the <security-constraint> from web.xml completely, and use a
Filter/Valve to enforce your security policy.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
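
Option 3 from the thread (no <security-constraint> in web.xml, policy enforced in a Filter), as an added example that is not code from this thread or from Tomcat. Assumptions: the javax.servlet namespace (Tomcat 9 and earlier), a Realm configured for the context, "local" meaning loopback or RFC 1918 source addresses, and the hypothetical names LocalBypassAuthFilter and appuser.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: Basic auth for remote clients, no auth for local ones.
public class LocalBypassAuthFilter implements Filter {
    private static final String ROLE = "appuser"; // hypothetical role name
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    // Assumption: "local" = loopback or RFC 1918 source address.
    // Behind httpd or another proxy, getRemoteAddr() is the proxy's address unless
    // RemoteIpValve is configured, so without it every request would look local.
    static boolean isLocal(String addr) {
        if (addr == null) return false; // getByName(null) would mean loopback
        try {
            InetAddress a = InetAddress.getByName(addr); // IP literal: no DNS lookup
            return a.isLoopbackAddress() || a.isSiteLocalAddress();
        } catch (UnknownHostException e) { return false; } // fail closed
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (isLocal(req.getRemoteAddr()) || authenticated(req)) {
            chain.doFilter(req, res);
            return;
        }
        res.setHeader("WWW-Authenticate", "Basic realm=\"app\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    private static boolean authenticated(HttpServletRequest req) {
        String h = req.getHeader("Authorization");
        if (h == null || !h.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        try {
            String[] up = new String(Base64.getDecoder().decode(h.substring(6).trim()),
                    StandardCharsets.UTF_8).split(":", 2);
            if (up.length != 2) return false;
            req.login(up[0], up[1]); // validated against the container's Realm
            return req.isUserInRole(ROLE);
        } catch (IllegalArgumentException | ServletException e) { return false; }
    }
}
```

Map it over the protected URL space with a <filter-mapping> in web.xml, with the <security-constraint> removed as option 3 says.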

