I have deployed two webapps A & B in same tomcat 7. Application A invokes servlet B which is deployed in webapp B, also servlet B is also accessible using servlet B url.
Now i want to restrict invocation of servlet B in a way that only webapp A can invoke this servlet B and webapp B/servlet B should not be accessible from outside.
Any ideas?
There are at least two approaches you could take. Modify the web.xml within webapp B such that the authentication roles for the servlet are only found by someone who logs into webapp A.
That idea will work, if you've secured your server with specific login and roles. If you have it wide open for everyone, then you have to move on to idea two.
You can do all sorts of cool things if you are willing to write your own filter. Do a google search on "how to write tomcat filters" and poke around. Remember that filters get access to a URL before the servlet is invoked. You can decide what to do with the incoming request.
