我面临着tomcat服务器的问题。这是场景。 我有客户端在端口8999中运行并使用apache tomcat来提供静态内容。 http://hostname1:8999/client/static
And server running in another port 9001 and using another tomcat.
[http://hostname1:9001/server/][2]
i have configured re-routing rules in httpd.conf file to make them work together.
Now, my issue is, the static content is served without any authentication.
I want to stop that and make sure, the static contents will be served only when request is from server or when it contains any kind of headers.
How can i achieve this?
I tried adding security contraints in web.xml of tomcat.
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTP-Protected-Resource-1</web-resource-name>
<description>Description here</description>
<url-pattern>/scripts/*</url-pattern>
<url-pattern>/styles/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>NOSOUPFORYOU</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DEFAULT</auth-method>
<realm-name>NOACCESSFORANYONE</realm-name>
</login-config>
<security-role>
<role-name>NOSOUPFORYOU</role-name>
</security-role>
It worked, but it is blocking content in all cases even when the call is from server.
Can i distinguish request or check for headers in web.xml?