You can do this using our Cams access management product with Tomcat (see http://www.cafesoft.com). The XML looks like this:

<!-- Example 4 - allow access to only host "127.0.0.1" -->
<host-acr id="allow ip rule">
<allow-address>
<address>127.0.0.1</address>
</allow-address>
</host-acr>

<!-- Example 6 - allow access only to "localhost" -->
<host-acr id="allow host rule">
<allow-host>
<host>localhost</host>
</allow-host>
</host-acr>

Note that rules based on hostnames should be considered "risky" as they are subject to DNS lookups resolving.

With Cams, you can also chain rules with operators. So, you could make a rule like:

<!-- Allow only authenticated users with role "manager" from the internal LAN -->
<acr id="allow managers from LAN">
<role-constraint>
<role-name>manager</role-name>
<role-class>com.cafesoft.cams.auth.CSUserPrincipal</role-class>
</role-constraint>
<and/>
<allow-address>
<address>192.168.0</address>
</allow-address>
</acr>

Gary

icewind wrote:

Could anyone tell me how to limit access to a
particular servlet by IP address or hostname?

Any pointer to documentation that covers this topic
would be appreciated.



--

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************
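
The chained rule in the message above (role "manager" AND a LAN address) written as a plain servlet filter, as an added example that is not part of the original message and is not Cams code. The class name LanManagerFilter, the javax.servlet API and the 192.168.0.0/24 network are assumptions, and the role check presumes container-managed authentication is already configured for the web application.

```java
import java.io.IOException;
import java.net.InetAddress;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: allow only users in role "manager" coming from 192.168.0.0/24. */
public class LanManagerFilter implements Filter {
    private static final byte[] NET = {(byte) 192, (byte) 168, 0, 0}; // assumed internal LAN
    private static final int PREFIX_BITS = 24;

    /** True when the first 'bits' bits of addr equal those of net. */
    static boolean inNetwork(byte[] addr, byte[] net, int bits) {
        if (addr.length != net.length) return false; // IPv6 client against an IPv4 rule: deny
        for (int i = 0; i < bits; i++) {
            int mask = 0x80 >> (i % 8);
            if ((addr[i / 8] & mask) != (net[i / 8] & mask)) return false;
        }
        return true;
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // getRemoteAddr() returns the peer's IP literal, so parsing it does no DNS lookup.
        // getRemoteHost() may depend on a reverse lookup, which is why hostname rules are riskier.
        // Behind a reverse proxy this is the proxy's address, not the client's.
        byte[] addr = InetAddress.getByName(req.getRemoteAddr()).getAddress();
        boolean allowed = http.isUserInRole("manager") && inNetwork(addr, NET, PREFIX_BITS);
        if (allowed) {
            chain.doFilter(req, res);
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}
```

Map the filter to the servlet's URL pattern in web.xml; an address that cannot be parsed raises an exception before the chain is invoked, so the request is not served.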


