tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: mananger roles
Date Thu, 10 Apr 2003 11:46:40 GMT
This looks to be wrapper around the entire JVM. The original question 
pertaining to reloading an individual webapp on a tomcat installation with 
many webapps running under it.

I guess the easiest way to implement this functionality is to write a filter 
that wraps the /reload servlet. (And whatever other app you wish to protect). 
The filter will then use some type of ACL vs the currently logged in user to 
see if that user may start that webapp. It might look like this:

----
public void doFilter(...) {
     String webapp = request.getParameterValues("path")[0];
     String user = response.getRemoteUser();
     if (isAllowed(user,weabpp)) {
         chain.doFilter(request, response);
     } else {
         response.sendError(HttpServletResponse.SC_FORBIDDEN,
                       "You can't do this, go away");
     }
}
protected boolean isAllowed(Stinrg user, webapp) {
    ...
    return true false whther this user can restart this webapp.
    ...
}

----

This way the only change to tomcat is web.xml in the manager app to add the 
filter definition and mapping.

-Tim

graghupathy@aegonuk.co.uk wrote:
> how about this ???
> not tried yet but one of my friends told me that this can help 
> 
> 
> http://wrapper.tanukisoftware.org/doc/english/introduction.html
> 
> Guru
> 
> -----Original Message-----
> From: Tim Funk [mailto:funkman@joedog.org]
> Sent: 10 April 2003 11:58
> To: Tomcat Users List
> Subject: Re: mananger roles
> 
> 
> AFAIK, that functionality is not present.
> 
> -Tim
> 
> Dan Allen wrote:
> 
>>Is it possible to set manager roles per context for the manager
>>application that comes with tomcat.  For instance, assuming you have
>>multiple webapps running on the same server by different users,
>>would it be possible to only allow a person logged into to restart
>>the one that belonged to them?  Seems reasonable to me.
>>
>>Dan
>>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message