Hi André, hi Christopher, thanks for your answers.
The use of HTTP BASIC authentication confuses things here because of the credential transfer mechanism (HTTP headers). I suppose you could write a Valve that sniffs the user's IP address and then adds HTTP headers to the request for the "Authentication" header to essentially force a login. You'll have to decide what the user's Principal will need to look like (because Tomcat will actually try to /verify/ the fake-user's credentials and maintain a "login" for them, running proper authorization checks, etc.) in order to actually work.
I think I will try this. Are there any tutorials for writing a Valve? I am a Java programmer but new to Valves.
Thank you very much, Remon --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
