tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Lanpher" <>
Subject RE: ManagerServlet (autherization on a percontext basis)
Date Tue, 16 Sep 2003 22:17:45 GMT
How about letting me see your code for your version of the manager app hack?
I would love to play with it and any doc's you create to go along with it.

Jason Lanpher

-----Original Message-----
From: Jaco Kroon [] 
Sent: Tuesday, September 16, 2003 5:08 PM
To: Tomcat Users List
Subject: Re: ManagerServlet (autherization on a percontext basis)

Actually no, reloadable="true" will only reload the classes and lib 
directories (I've tried).  Also, having almost 315 (314 iirc) users on 
the system each with his/her own webapp can get quite bad.  Also, tomcat 
doesn't load all the contexts on startup unless there exists a 
WEB-INF/web.xml file.

So, I had two possible solutions to this:

1.  Hack the startup scripts to ensure that there exists a 
WEB-INF/web.xml file - this does not solve the problem of users being 
able to reload web.xml

2.  Hack the manager app.  This is the path that I followed, the results 
would have been viewable at but for the 
IT departments firewall ...

Each user is now required to log in, then he/she is presented with the 
options deploy,undeploy,start,stop,reload and my own creation restart, 
along with logout.

I've now moved on to having trouble with the security policy.  It dies 
on access denied to a file ${java.home}/jre/lib/, this 
same policy works fine on tc4.0.3, but tc4.1.26 dies a horrible, but 
quick death.

I see there is another thread on this also, my implementation is 
extremely specific to our specific setup (there is no time to do it the 
"correct" way - not that there seems to be one).


Shapira, Yoav wrote:
> Howdy,
> You can't just set each <Context> to have reloadable="true" ?  That 
> will reload their webapp when they edit web.xml...
> Yoav Shapira
> Millennium ChemInformatics
>>-----Original Message-----
>>From: Jaco Kroon []
>>Sent: Sunday, September 14, 2003 12:15 PM
>>Subject: ManagerServlet (autherization on a percontext basis)
>>I need to allow users previliges to manage their applications on a 
>>per-context basis.  We are providing students with a webapp, where 
>>they need to build their practical.  However, whenever they change 
>>web.xml they need to be able to restart their webapp.
>>Considering there are over 300 users I don't want to use the 
>>reloadable feature for the lib and classes directories either, as such 
>>I would prefer if I can just allow them to reload, start and stop 
>>their own webapps.
>>Is there any existing way of doing this or will I have to continue my 
>>hack to rewrite the ManagerServlet (or at least implement a similar 
>>class and work it into tomcat?)
>>btw, I'm using tomcat 4.0 (revision 0.3 at home and 1.24 where this 
>>has to be implemented actually).
>>I'm currently having trouble creating a subclass of HttpServlet 
>>implementing ContainerServlet that'll actually load.
>>Any ideas/help extremely welcome.
>>To unsubscribe, e-mail:
>>For additional commands, e-mail:
> This e-mail, including any attachments, is a confidential business 
> communication, and may contain information that is confidential, 
> proprietary and/or privileged.  This e-mail is intended only for the 
> individual(s) to whom it is addressed, and may not be saved, copied, 
> printed, disclosed or used by anyone else.  If you are not the(an) 
> intended recipient, please immediately delete this e-mail from your 
> computer system and notify the sender.  Thank you.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message