On Wed, Jun 17, 2009 at 9:37 AM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Bruce Edge [mailto:bruce.e...@gmail.com]
Subject: Re: Mix http and https on one tomcat server?
...snip...
but can it be setup to _not_ require a password for localhost access?
Not without
Bruce Edge wrote:
...
I can do this:
Valve className=org.apache.catalina.valves.RemoteAddrValve
allow=127.*/
but does that really do anything if I'm already accepting connections from
127.*?
You're right (and perceptive). /That/ Valve does not help.
Chuck meant that you'd need to
André Warnier wrote:
Bruce Edge wrote:
...
Since I don't really feel like doing what I should really be doing
tonight, let me elaborate a bit.
The Request comes into your webapp, and first hits the filter.
The filter checks if the IP origin of the request is 127.0.0.1.
If it is, it
André Warnier wrote:
and he's back.
Browsing the documentation of urlrewritefilter, at
http://tuckey.org/urlrewrite/manual/2.6/
In the condition element, one of the conditions is :
remote-addr The IP address of the host making the request, e.g.
123.123.123.12 i.e. request.getRemoteAddr()
So
André Warnier wrote:
Ooops. I forgot to add this : in the /thewebapp-internal, you should
also have a filter, this time which /blocks/ the request if it does
/not/ come from 127.0.0.1. Otherwise people not from 127.0.0.1 would be
able to hit it directly, just by knowing the
On Thu, Jun 18, 2009 at 2:10 PM, André Warnier a...@ice-sa.com wrote:
André Warnier wrote:
Ooops. I forgot to add this : in the /thewebapp-internal, you should also
have a filter, this time which /blocks/ the request if it does /not/ come
from 127.0.0.1. Otherwise people not from 127.0.0.1
Bruce Edge wrote:
André,
thanks for your help.
Well actually, forget all I said, it turns out that it was mostly
nonsense. The problem is, that if you use the container (Tomcat) based
authentication, then the authentication will happen anyway, before it
even gets to the servlet filter.
Securityfilter seems like overkill. I'd like to try the custom Valve first.
Any idea how I can get at the Role from the Valve invoke method?
public void invoke(Request arg0, Response arg1) throws IOException,
ServletException {
Can I drill down into the Request and find the role?
-Bruce
Bruce Edge wrote:
Securityfilter seems like overkill. I'd like to try the custom Valve first.
Any idea how I can get at the Role from the Valve invoke method?
Sorry, that's beyond my league. But persist a little, there's a a lot
here who could tell you.
From: Bruce Edge [mailto:bruce.e...@gmail.com]
Subject: Mix http and https on one tomcat server?
Is it possible to deploy both http and https on the same
tomcat instance?
Of course.
Read the doc:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
On Wed, Jun 17, 2009 at 8:39 AM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Bruce Edge [mailto:bruce.e...@gmail.com]
Subject: Mix http and https on one tomcat server?
Is it possible to deploy both http and https on the same
tomcat instance?
Of course.
Read the
From: Bruce Edge [mailto:bruce.e...@gmail.com]
Subject: Re: Mix http and https on one tomcat server?
I assume that I need a different connector for each, so I changed the
8080 redirector in server.xml:
Put it back the way it was; the redirectPort attribute is required so a switch
to HTTPS
12 matches
Mail list logo