After looking through various Tomcat and servlet docs, it looks to me like this sort of security restriction is not easy to implement in your basic tomcat. I think you are going to need something beyond the basic role defining method that comes with Tomcat. Bill
You could turn on the security manager in tomcat and change the catalina security policy file to only allow ip 127.0.0.1 access to the url where the manager and admin web apps exist. [ September 24, 2004: Message edited by: B Stokes ]
My experience with the admin app is that it is buggy at best! It can be useful at times and worthless at other times. For example, defining a database connection at the context level rarely works for me using the admin app - and I have done this dozens of times on different platforms and setups.
This might sound harsh, but my advice is to not use the admin app unless you really don't know what you are doing otherwise.
Rich Raposa<br /><a href="http://www.javalicense.com" target="_blank" rel="nofollow">http://www.javalicense.com</a><br />Buy Java courseware -> get a free XBox!