Hello Konstantin, On Mon, Nov 7, 2011 at 4:30 AM, Konstantin Kolinko <knst.koli...@gmail.com> wrote: > 2011/11/3 Leon Rosenberg <rosenberg.l...@gmail.com>: >> I have a situation where an application is accessable from outside in >> staging and production environment, but shouldn't be open for public >> in staging environment. > > Put it behind Apache HTTPD (or any other proxy) and let HTTPD handle > authentication & authorization instead of Tomcat.
That would be the last and least acceptable choice... > > I'd advise against using BASIC auth in public internet, unless the > channel is protected with HTTPS. > >> What we did so far was, that we excluded everyone via web.xml: >> > > You can automate the above. If you pack your war file using Ant, you > can use <replaceregexp> task. This doesn't work, cause we use exactly the same war in prod and preprod. But thanx for suggestions anyway! thanx Leon > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org