you can use a Remote Host or Address Filter for webapp B that only allows localhost or whatever server webapp A runs on:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html something like this: <Context of webapp B> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="<ip of webapp A>" /> </Context> -Lou --- Jason Novotny <[EMAIL PROTECTED]> wrote: > > Hi Jim, > > Thanks-- I just looked at using a filter as a > solution, but there > seems to be a problem. I want the servlet in webapp > A to be able to > dispatch to B but not a user. The problem is the > filter will block all > requests including the dispatch from A. I need a way > to somehow ensure > that A can invoke servlet B in web app B but not a > user navigating > directly... any ideas are greatly appreciated. > Actually one question would be how to create a > filter that allows > incoming requests from that same machine but not > IP's outside of it I guess? > > Thanks, Jason > > > Jim Henderson wrote: > > >Take a look at yesterdays (6/23 5:02 PM) posting > "Blocking urls". That > >should help. > > > >-----Original Message----- > >From: Jason Novotny [mailto:[EMAIL PROTECTED] > >Sent: Thursday, June 23, 2005 10:13 PM > >To: [email protected] > >Subject: how do i restrict servlet access? > > > > > > > >Hi, > > > > I have a webapp A that uses cross-context to > dispatch requests to > >webapp B. However, I want users to have to go thru > webapp A and the > >mapping I set in web.xml. How do I restrict access > so only webapp A can > >invoke B's servlet but B should be inaccessible to > users navigation. Is > >there something I can set in the web.xml of B or > would I need to modify > >server.xml as a site wide configuration? > > > > Thanks, Jason > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
