Hi Chris,
but allows is part of RequestFilterValve.
Not in the current trunk. Your code expects the allows variable to
be of type String[], and no such variable exists in RequestFilterValve.
Right: the point of the RequestFilterValve is that you don't have to
override the process() method.
Hi André, hi Christopher,
The use of HTTP BASIC authentication confuses things here because
of the credential transfer mechanism (HTTP headers). I suppose
you could write a Valve that sniffs the user's IP address and
then adds HTTP headers to the request for the Authentication
header to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remon,
On 10/19/2011 7:57 AM, Remon Sadikni wrote:
I managed to get it working. If you are interested in my solution
for Tomcat 6: I extended the Valve RequestFilterValve and overwrote
the method process with this content:
// Check the allow
Hi Chris,
If you overrode the process() method (and I'm sure you changed other
things, too, since the variable allows is not part of
RequestFilterValve), then you really aren't getting anything by
extending RequestFilterValve.
but allows is part of RequestFilterValve. I only extended this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remon,
On 10/19/2011 12:23 PM, Remon Sadikni wrote:
Hi Chris,
If you overrode the process() method (and I'm sure you changed
other things, too, since the variable allows is not part of
RequestFilterValve), then you really aren't getting
Hi André, hi Christopher,
thanks for your answers.
The use of HTTP BASIC authentication confuses things here because of
the credential transfer mechanism (HTTP headers). I suppose you could
write a Valve that sniffs the user's IP address and then adds HTTP
headers to the request for the
Remon Sadikni wrote:
Hi André, hi Christopher,
thanks for your answers.
The use of HTTP BASIC authentication confuses things here because of
the credential transfer mechanism (HTTP headers). I suppose you could
write a Valve that sniffs the user's IP address and then adds HTTP
headers to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remon,
On 9/27/2011 5:14 AM, Remon Sadikni wrote:
Hi André, hi Christopher,
thanks for your answers.
The use of HTTP BASIC authentication confuses things here because
of the credential transfer mechanism (HTTP headers). I suppose
you could
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 9/27/2011 7:40 AM, André Warnier wrote:
The reason why I was mentioning further complexity for the Valve
solution, is that as far as I know, the HttpServletRequest object
is immutable (iow read-only), as it is received.
For the most
Dear Tomcat developers and users,
I managed to restrict a web application by IP-adress with
RemoteAddrValve and to restrict another one by basic authentication. Now
I would like to restrict the same web application by both methods:
- If the user is inside a specific network (e.g. 134.134.*.*),
Remon Sadikni wrote:
Dear Tomcat developers and users,
I managed to restrict a web application by IP-adress with
RemoteAddrValve and to restrict another one by basic authentication. Now
I would like to restrict the same web application by both methods:
- If the user is inside a specific
Remon Sadikni wrote:
Dear Tomcat developers and users,
I managed to restrict a web application by IP-adress with
RemoteAddrValve and to restrict another one by basic authentication. Now
I would like to restrict the same web application by both methods:
- If the user is inside a specific
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 9/26/2011 9:29 AM, André Warnier wrote:
You may also want to have a look at SecurityFilter, which could
well be an easier way for you
(http://securityfilter.sourceforge.net/) I do not think that it has
provisions for automatically
13 matches
Mail list logo
