On 5 July 2014 08:41:52 BST, Falco Schwarz <hid...@falco.me> wrote: >I should add that the IP restriction is applied via filter, not with a >tomcat Valve. Essentially the question breaks down to this: > >Is it possible in any way for a filter to be applied before the >evaluation >of the security-constraint?
No. >Or is there any other way of setting up an >IP >filter combined with authentication given the order from above? Maybe look at a third party security plugin like Spring Security? Not sure if this is supported but worth a look. Mark > >Any hint for the right direction would be greatly appreciated. > >Thanks, >Falco > > >On Fri, Jul 4, 2014 at 4:37 PM, Falco Schwarz <hid...@falco.me> wrote: > >> All, >> >> I am trying to set up the jmx proxy servlet and am kinda stuck on >> security. I would like to: >> >> - restrict access to localhost >> - restrict access to require basic authentication >> >> Currently it works, though in the wrong order. This is how the >request is >> being processed right now: >> >> 1) user accesses /infra/jmx >> 2) user has to authenticate >> 3) user is being denied >> >> Is it possible to switch step 2 and 3? >> >> Relevant parts of web.xml, webapp is called infra: >> >> <servlet> >> <servlet-name>JMXProxy</servlet-name> >> >> ><servlet-class>org.apache.catalina.manager.JMXProxyServlet</servlet-class> >> </servlet> >> <servlet-mapping> >> <servlet-name>JMXProxy</servlet-name> >> <url-pattern>/jmx/*</url-pattern> >> </servlet-mapping> >> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>JMX Proxy interface</web-resource-name> >> <url-pattern>/jmx/*</url-pattern> >> </web-resource-collection> >> <auth-constraint> >> <role-name>jmx</role-name> >> </auth-constraint> >> </security-constraint> >> <login-config> >> <auth-method>BASIC</auth-method> >> <realm-name>JMX Proxy</realm-name> >> </login-config> >> <security-role> >> <description> >> The role that is required to access the JMX Proxy >> </description> >> <role-name>jmx</role-name> >> </security-role> >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
