authentication via the security-constraint in the web.xml except for localhost

Question

Within the web.xml of a Java EE Servlet Container (Tomcat, Glassfish etc.) I can set a security constraint to restrict the access to a certain resource.

Is it possible to make a distinction between access from localhost and all the others? I want to enable authentication in a glassfish server for all external calls to a webapp but not from localhost. Is that possible?

score 0 · Answer 1 · answered Dec 14 '12 at 16:11

0

Put this in your /META-INF/context.xml:

<Context>
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127\.0\.0\.1"/>
</Context>

answered Dec 14 '12 at 16:11

unwichtich

13,712
4
53
66

authentication via the security-constraint in the web.xml except for localhost

1 Answers1