> From: Bruce Edge [mailto:bruce.e...@gmail.com] > Subject: Re: Mix http and https on one tomcat server? > > I assume that I need a different connector for each, so I changed the > 8080 redirector in server.xml:
Put it back the way it was; the redirectPort attribute is required so a switch to HTTPS can occur when needed. > However, I don't see where I designate the difference between a local > address, 127.0.0.1, and an external address. You normally don't need to. Tomcat listens on all available IP addresses, including 127.0.0.1. If you want to restrict a particular connector to just 127.0.0.1, use the address attribute. > <url-pattern>/*</url-pattern> <- Is this what needs to > refer to the internal vs. external address? No, the <url-pattern> is relative to the webapp. > but can it be setup to _not_ require a password for localhost access? Not without some additional configuration. Don't try to do this at the <Connector> level - it's unlikely that you'll ever be able to get it to work. Instead, use a filter or <Valve> to check the client's IP address, and set the role in the Session object if it's localhost. > In short, I want: > localhost - no auth, no ssl > external - passwd auth and ssl I suspect you're going to have to use SSL for any protected webapp, regardless of the client's IP address. You might want to look at http://securityfilter.sourceforge.net/ to see if it will do more of what you want. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
