Within the web.xml of a Java EE Servlet Container (Tomcat, Glassfish etc.) I can set a security constraint to restrict the access to a certain resource.
Is it possible to make a distinction between access from localhost and all the others? I want to enable authentication in a glassfish server for all external calls to a webapp but not from localhost. Is that possible?
Put this in your
/META-INF/context.xml
: