On Wed, Jun 17, 2009 at 9:37 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote:
> > From: Bruce Edge [mailto:bruce.e...@gmail.com] > > Subject: Re: Mix http and https on one tomcat server? > <...snip...> > > > but can it be setup to _not_ require a password for localhost access? > > Not without some additional configuration. Don't try to do this at the > <Connector> level - it's unlikely that you'll ever be able to get it to > work. Instead, use a filter or <Valve> to check the client's IP address, > and set the role in the Session object if it's localhost. > How do I set the role in a valve? I can do this: <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.*"/> but does that really do anything if I'm already accepting connections from 127.*? What do you mean by a filter? Sorry, I'm really new at this. I'm a C++/gSOAP web services guy whose in the middle of a toolset change :-) -Bruce > > > In short, I want: > > localhost - no auth, no ssl > > external - passwd auth and ssl > > I suspect you're going to have to use SSL for any protected webapp, > regardless of the client's IP address. > > You might want to look at http://securityfilter.sourceforge.net/ to see if > it will do more of what you want. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >