tomcat basic authentification

i want to secure a personel tomcat in following way.

Basically everyone (every ip) should be able to access the webapps of this tomcat.

But some of the ip should able to access the tomcat without authentification (most of them) and some (e.g. 10.0.0.*) should only be able to access this tomcat via an authentification.

I’ve read much about how to solve this problem. The Tomcat Remote Access Filter and Remote Host Name isn’t working in my case, cause i don’t want to deny/allow the webapp for some IP Adresses.

I’ve tried to add these lines to context.xml with expectation, that i (localhost) can access the tomcat without authentification, but the authentification was still required:

<Context antiJARLocking="true" path="/">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" invalidAuthenticationWhenDeny="true" allow="127.0.0.1"/>
<Valve className="org.apache.catalina.authenticator.BasicAuthenticator" />

So im at the end of my knowlegde (maybe i dont have much :D).

Can someone give me an example or a solution to my issue? Maybe i have to edit more than this file? Or did i missinterpreted something?

Thanks!