André Warnier wrote:
Bruce Edge wrote:
...
Since I don't really feel like doing what I should really be doing
tonight, let me elaborate a bit.
The Request comes "into" your webapp, and first hits the filter.
The filter checks if the IP origin of the request is 127.0.0.1.
If it is, it "authenticates" the request with some pre-defined user/role
(*). If it's from somewhere else, it doesn't.
Next, the request filters down to your webapp.
The security environment around your webapp (Tomcat's doing, according
to your setup) checks if the request is authenticated. If it is, it
goes through to your webapp. If not, it is intercepted by the normal
authentication mechanism.
Now the (*) bit, I'll leave to the experts, because I don't really have
a clue how to write something like that. All I know is that there must
be some UserPrincipal kind of object involved there.
But I think that the urlrewritefilter also can do the dirty stuff for
you there.
I'll go check, cause I'm also interested.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
