axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Securing Axis2-Admin
Date Mon, 24 Aug 2009 12:30:45 GMT

#log4j.properties should contain a statement which associates your package to Level e.g.
#package=LEVEL, NameOfAppender

#BEGIN CONSOLE APPENDER (stdout)
#first:type of appender (fully qualified class name) note all stdout goes to ConsoleAppender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
#    Many appenders require a layout.
log4j.appender.stdout.layout=org.apache.log4j.SimpleLayout

#  additionally, some layouts can take additional information --
#    like the ConversionPattern for the PatternLayout.
# log4j.appender.stdout.layout.ConversionPattern=%d %-5p %-17c{2} (%30F:%L) %3x
- %m%n

# BEGIN Rolling APPENDER: (rolling)
#  first:type of appender (fully qualified class name)
log4j.appender.rolling=org.apache.log4j.RollingFileAppender
#  second: Any configuration information needed for that appender.
#    Many appenders require a layout.
log4j.appender.rolling.File=example.log

# max file size of rolling appender will be 100kb
log4j.appender.rolling.MaxFileSize=100KB
#  Keep one backup file
log4j.appender.rolling.MaxBackupIndex=1

#pattern of the logfile
log4j.appender.rolling.layout=org.apache.log4j.PatternLayout
log4j.appender.rolling.layout.ConversionPattern=%p %t %c - %m%n

//default rootCategory for level is debug with output directed to stdout or //RollingFileAppender
as in 
log4j.rootCategory=debug,stdout,rolling

//you want to assign your package=LEVEL,Appender1,Appender2 as defined here
de.tamundo.security=warn,stdout,rolling

valid levels are 

debug,

info,

warn,
error,
fatal
 and log.

appenders are
 console, files, GUI
components, remote socket
servers,  JMS,

 NT
Event Loggers, and remote UNIX Syslog
daemons

http://logging.apache.org/log4j/1.2/manual.html

HTH
Martin Gainty 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
 
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist
unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet
keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen
wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire
prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe
quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information
seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les
email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune
responsabilité pour le contenu fourni.




From: mail@moritz-maedler.de
To: axis-user@ws.apache.org
Subject: Securing Axis2-Admin
Date: Mon, 24 Aug 2009 14:11:58 +0200

Hello,
I'm using axis2 1.5 as a tomcat6 servlet. As it runs in production, I want to secure the axis2
admin frontendby restricting the access to a specifig (e.g. local) IP-range. How can this
be implemented? I tried to integrate a filter which sends a 403-error upon access with wrongIP-address.
This leaded to following exception when restarting tomcat:-----Aug 24, 2009 12:47:30 PM org.apache.catalina.core.StandardContext
processTldsSEVERE: Error reading tld listeners java.lang.NullPointerExceptionjava.lang.NullPointerException
at org.apache.log4j.Category.isEnabledFor(Category.java:749)	at org.apache.commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.java:333)
at org.apache.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java:581)	at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282)
at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4307)	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4144)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)	at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)	at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)Aug 24, 2009
12:47:31 PM org.apache.catalina.core.StandardContext processTlds----
The filter-config looks like web.xml looks like----[....AXIS-CONF....]<filter>		<description>
	</description>		<display-name>		IPFilter</display-name>		<filter-name>IPFilter</filter-name>
	<filter-class>de.tamundo.security.IPFilter</filter-class>	</filter><filter-mapping>
	<filter-name>IPFilter</filter-name>		<url-pattern>/IPFilter</url-pattern>
</filter-mapping>----
I copied the filterclass under /axis2/WEB-INF/de/tamundo/security.
Is there another possibility to secure the Axis2-Admin?
Thanks alot!
Moritz


_________________________________________________________________
Windows Live: Make it easier for your friends to see what you’re up to on Facebook.
http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLMTAGL:ON:WL:en-US:SI_SB_facebook:082009
Mime
View raw message