Return-Path: Delivered-To: apmail-ws-axis-user-archive@www.apache.org Received: (qmail 97201 invoked from network); 24 Aug 2009 17:43:28 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 24 Aug 2009 17:43:28 -0000 Received: (qmail 28560 invoked by uid 500); 24 Aug 2009 12:12:32 -0000 Delivered-To: apmail-ws-axis-user-archive@ws.apache.org Received: (qmail 28508 invoked by uid 500); 24 Aug 2009 12:12:32 -0000 Mailing-List: contact axis-user-help@ws.apache.org; run by ezmlm Precedence: bulk Reply-To: axis-user@ws.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-user@ws.apache.org Received: (qmail 28499 invoked by uid 99); 24 Aug 2009 12:12:31 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Aug 2009 12:12:31 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [85.13.130.247] (HELO dd6126.kasserver.com) (85.13.130.247) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Aug 2009 12:12:20 +0000 Received: from [192.168.1.58] (port-87-234-23-254.static.qsc.de [87.234.23.254]) by dd6126.kasserver.com (Postfix) with ESMTP id 1B7CA18257180 for ; Mon, 24 Aug 2009 14:11:58 +0200 (CEST) Message-Id: <4F50E9B9-B329-410F-BB76-802DB2E994B3@moritz-maedler.de> From: =?ISO-8859-1?Q?Moritz_M=E4dler?= To: axis-user@ws.apache.org Content-Type: multipart/alternative; boundary=Apple-Mail-1-78295454 Mime-Version: 1.0 (Apple Message framework v936) Subject: Securing Axis2-Admin Date: Mon, 24 Aug 2009 14:11:58 +0200 X-Mailer: Apple Mail (2.936) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail-1-78295454 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Hello, I'm using axis2 1.5 as a tomcat6 servlet. As it runs in production, I want to secure the axis2 admin frontend by restricting the access to a specifig (e.g. local) IP-range. How can this be implemented? I tried to integrate a filter which sends a 403-error upon access with wrong IP-address. This leaded to following exception when restarting tomcat: ----- Aug 24, 2009 12:47:30 PM org.apache.catalina.core.StandardContext processTlds SEVERE: Error reading tld listeners java.lang.NullPointerException java.lang.NullPointerException at org.apache.log4j.Category.isEnabledFor(Category.java:749) at org .apache .commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.java:333) at org .apache.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java: 581) at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282) at org .apache.catalina.core.StandardContext.processTlds(StandardContext.java: 4307) at org.apache.catalina.core.StandardContext.start(StandardContext.java: 4144) at org .apache .catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java: 740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java: 544) at org .apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java: 626) at org .apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java: 553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java: 488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java: 311) at org .apache .catalina .util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java: 443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java: 700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun .reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: 39) at sun .reflect .DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java: 25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun .reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: 39) at sun .reflect .DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java: 25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 177) Aug 24, 2009 12:47:31 PM org.apache.catalina.core.StandardContext processTlds ---- The filter-config looks like web.xml looks like ---- [....AXIS-CONF....] IPFilter IPFilter de.tamundo.security.IPFilter IPFilter /IPFilter ---- I copied the filterclass under /axis2/WEB-INF/de/tamundo/security. Is there another possibility to secure the Axis2-Admin? Thanks alot! Moritz --Apple-Mail-1-78295454 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hello,

I'm = using axis2 1.5 as a tomcat6 servlet. As it runs in production, I want = to secure the axis2 admin frontend
by restricting the access = to a specifig (e.g. local) IP-range. 
How can this be = implemented? I tried to integrate a filter which sends a 403-error upon = access with wrong
IP-address. This leaded to following = exception when restarting tomcat:
-----
Aug 24, = 2009 12:47:30 PM org.apache.catalina.core.StandardContext = processTlds
SEVERE: Error reading tld listeners = java.lang.NullPointerException
java.lang.NullPointerException
= at = org.apache.log4j.Category.isEnabledFor(Category.java:749)
at = org.apache.commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.jav= a:333)
= at = org.apache.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java:= 581)
= at = org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282)
= at = org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:= 4307)
= at = org.apache.catalina.core.StandardContext.start(StandardContext.java:4144)<= /div>
= at = org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java= :760)
= at = org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
= at = org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
= at = org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:62= 6)
= at = org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:5= 53)
= at = org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
= at = org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
= at = org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)=
= at = org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp= ort.java:120)
at = org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
= at = org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
= at = org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
= at = org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
= at = org.apache.catalina.core.StandardService.start(StandardService.java:448)
= at = org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
= at = org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at = sun.reflect.NativeMethodAccessorImpl.invoke0(Native = Method)
at = sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:= 39)
= at = sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm= pl.java:25)
at = java.lang.reflect.Method.invoke(Method.java:597)
at = org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
= = at sun.reflect.NativeMethodAccessorImpl.invoke0(Native = Method)
at = sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:= 39)
= at = sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm= pl.java:25)
at = java.lang.reflect.Method.invoke(Method.java:597)
at = org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177= )
Aug 24, 2009 12:47:31 PM = org.apache.catalina.core.StandardContext = processTlds
----

The filter-config = looks like web.xml looks like
----
[....AXIS-CONF....]
<filter>
= <description>
</description>
<display-name>
IPFilter</display-name>
<filter-name>IPFilter</filter-name>
<filter-class>de.tamundo.security.IPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>IPFilter</filter-name>
<url-pattern>/IPFilter</url-pattern>
</filter-mapping>
----

I copied the = filterclass under = /axis2/WEB-INF/de/tamundo/security.

Is there another possibility to secure the = Axis2-Admin?

Thanks = alot!

Moritz


= --Apple-Mail-1-78295454--