RE: Webapp security by IP range

[Cope, Jared]

Thanks. 

I was hoping that was not going to be the answer though. I thought about
doing it this way, but wanted to avoid the overhead of managing two
application directories. Maybe it's unavoidable in tomcat.

Jared.

-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED] 
Sent: 04 July 2005 20:13
To: Tomcat Users List
Subject: Re: Webapp security by IP range

Cope, Jared wrote:
 I was wondering if it is possible to apply some webapp security that will
 kick in for connections made from a certain IP range, and will not kick in
 for another set of IP ranges.

How about:
  - deploy the app twice under different contexts
  - use a remote address filter valve for the internal users
  - use normal web app security for the external users

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Webapp security by IP range

[Cope, Jared]

Hi,

I was wondering if it is possible to apply some webapp security that will
kick in for connections made from a certain IP range, and will not kick in
for another set of IP ranges.

The scenario is that I want users on our Intranet subnet to not have to
authenticate, but if users visit the site from their home Internet
connection then they do have to authenticate.

I can't seem to find any examples in the Tomcat manual or web that define a
security realm by IP range. Has anyone had any success with this?

Cheers, Jared.