I would like to set up a single standalone instance of tomcat with connectors on two ports, and deploy one servlet to work only on one port and a different servlet to work only on the other port. Is this possible?
If not, the only way I can get around it that I can see is to use the ServletRequest.getServerPort() method to check which port the request came in on an reject it if it was on the wrong port. I suspect however that this is not secure as the value returned by getServerPort() comes from the request header, which can easily be spoofed. Will the ServletRequest.getLocalPort() method in the proposed 2.4 spec be more secure? How are other people doing this?
