You can use these modules login-config.xml
BaseCertLoginModule Authenticates client certificates, must be stacked with another login module that does authorization CertRolesLoginModule An extension of BaseCertLoginModule that authenticates against client certificates and authorizes against properties files ClientLoginModules Used by standalone clients that want to log into a secure server DatabaseCertLoginModule An extension of BaseCertLoginModule that authenticates against client certificates and authorizes against a database DatabaseServerLoginModule Loads user/role information from a database IndentityLoginModule a testing login module that causes all users to authenticate with the same credentials LdapExtLoginModule Loads user/roles information from a LDAP server (supports hierarchical role structure) ldapLoginModule Loads user/roles information from a LDAP server (only works with flat role structures) RunASLoginModule Can be stacked with another login module to define the run-as status that they use while they're authenticating, useful if you need to call a secured EJB that's responsible for authenticating users. SimpleServerLoginModule A testing login module that allows any role with a null password to authenticate SRPCacheLoginModule Used to authenticate users using the Secure Remote Password (SRP) protocol SRPLoginModule Used by standalone clients that want to authenticate using the SRP protocol UsersRolesLoginModule
Loads user/roles information from property files
Or you can make an new module.
I am using UsersRolesLoginModule and am able to get the authentication to work.
The site is a development site behind a firewall with external access through a proxy server.
Two different urls to the site.
My question is if there is a way to detect that the request is coming in from the external url and
only then show the login prompt. I don't want internal users to have to log in.