I would like to be able to configure a web application with optional security restrains. Basically I only want the application to be secured only if an external setting such as a realm is present or application context parameter is set.

In secure mode I want to use form based authentication as defined in the web.xml in the usual way.

In unsecured mode I want to allow all access to the application.

I know how to update server.xml and web.xml to achieve both independently, but I am looking for toggle to allow me to control the operations mode outside of the application.

Would it work to create a realm which always allows access and then configure either a proper authenticating or a less-proper allow-all realm in the server.xml file ? Would this still prompt users for access ?

Any other suggestions on this ?

Kind regards

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to