2011/11/3 Leon Rosenberg <rosenberg.l...@gmail.com>: > I have a situation where an application is accessable from outside in > staging and production environment, but shouldn't be open for public > in staging environment.
Put it behind Apache HTTPD (or any other proxy) and let HTTPD handle authentication & authorization instead of Tomcat. I'd advise against using BASIC auth in public internet, unless the channel is protected with HTTPS. > What we did so far was, that we excluded everyone via web.xml: > You can automate the above. If you pack your war file using Ant, you can use <replaceregexp> task. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org