geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: Webapps exposed on distinct ports
Date Tue, 13 Jun 2006 18:04:38 GMT

On Jun 13, 2006, at 9:34 AM, Rick Sears wrote:

> Hello everyone,
> I've been trolling the web the past couple days looking for
> examples/information on how to accomplish something that is currently
> being done in an application we are looking at porting to run under
> Geronimo.  We would like to be able to expose one webapp on a non-ssl
> port, say 12345, while having another webapp also running in Geronimo
> running on a different ssl-enabled port, say 54321.  The webapp
> running on the ssl-enabled port should not be accessible from the non
> ssl-enabled port.
> I've looked at a bunch of the Geronimo documentation, but all the
> things i've tried have come up short using Geronimo 1.0.  There seems
> to be an example of doing something similar using Geronimo 1.1
> ( 
> Exposing+Web+Applications+on+distinct+ports),
> but I am just wondering if i'm missing something that is also
> available on Geronimo 1.0.  The references to the <web-app> tag under
> the <module> tag are problematic in Geronimo 1.0, but I can't see any
> other way of tying a given deployed webapp to a particular Tomcat
> container (that is exposed on one set of ports but not the other).
> If anyone has any examples/information on how to tie a deployed Tomcat
> webapp to a particular container with a distinct set of exposed ports,
> please let me know.

This capability is new in 1.1.  In 1.0, you might possibly be able to  
get something to work by using virtual hosts, but I'm not enough of  
an expert on that to give you good advice.  In particular I don't  
know how reliable it would be.

One other thing you might be able to use to prevent access from the  
non-ssl port is use j2ee web security to require the CONFIDENTIAL  
transport guarantee for the secured app.  This probably wouldn't hide  
the existence of the secured app but would prevent access: I think  
you'd get a "forbidden" error rather than a "not found"

david jencks

> Rick Sears

View raw message