tomcat-users mailing list archives

From "Martin Jericho" <marti...@jabmail.com>
Subject Re: Deployment on a specific port
Date Fri, 12 Sep 2003 02:05:07 GMT
Since it looks like there is no easy way to do it, does anyone know of a
secure way to check the source IP address or target port of the request?  Am
I correct in assuming that the getServerPort() and getRemoteAddr() methods
are not reliable for security purposes?

----- Original Message ----- 
From: "Tim Funk" <funkman@joedog.org>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Friday, September 12, 2003 11:09 AM
Subject: Re: Deployment on a specific port


> Actually as to different services it could be the same webapp but tomcat
> would treat them as two different webapps.
>
> At this time at night, I'm out of ideas. (Actually, brain ain't working, must
> sleep)
>
> The simple kludge is to keep with the original idea and store the shared data
> in a common classloader in some static fashion. (Emphasis ... kludge)
>
> -Tim
>
> Martin Jericho wrote:
>
> > Thanks Tim, but I forgot to mention that both servlets have to be in the same
> > webapp!  One is my main servlet that handles user web requests, and the
> > other is the AxisServlet for handling a SOAP interface into the same
> > application.  I want to stick the SOAP servlet onto a different port which
> > can not be accessed from outside the firewall.
> >
> > What are the "extra tricks" you mentioned?
> >
> > ----- Original Message ----- 
> > From: "Tim Funk" <funkman@joedog.org>
> > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > Sent: Friday, September 12, 2003 10:51 AM
> > Subject: Re: Deployment on a specific port
> >
> >
> >
> >>I think you can create 2 services and each service gets its own connector and
> >>webapp.
> >>
> >>This also means that both servlets can't be in the same webapp. (Without
> >>extra tricks)
> >>
> >>-Tim
> >>
> >>Martin Jericho wrote:
> >>
> >>
> >>>I would like to set up a single standalone instance of tomcat with
> >>>connectors on two ports, and deploy one servlet to work only on one port and
> >>>a different servlet to work only on the other port.  Is this possible?
> >>>
> >>>If not, the only way I can get around it that I can see is to use the
> >>>ServletRequest.getServerPort() method to check which port the request came
> >>>in on and reject it if it was on the wrong port.  I suspect however that this
> >>>is not secure as the value returned by getServerPort() comes from the
> >>>request header, which can easily be spoofed.  Will the
> >>>ServletRequest.getLocalPort() method in the proposed 2.4 spec be more
> >>>secure?
> >>>
> >>>How are other people doing this?
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >>
>
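
The port check asked about in this thread, as an added example that is not part of the original messages or of Tomcat's code: a servlet filter that decides on getLocalPort(), the port of the socket that accepted the connection, instead of getServerPort(), which can reflect the client-supplied Host header. It assumes a Servlet 2.4 or later container (javax.servlet API) whose HTTP connectors are reached directly rather than through a front-end proxy; the class name InternalPortFilter and the init-param name internalPort are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: passes a request only if it arrived on the internal connector. */
public class InternalPortFilter implements Filter {
    private int internalPort;

    public void init(FilterConfig config) throws ServletException {
        // "internalPort" is an assumed init-param name, set for this filter in web.xml.
        String value = config.getInitParameter("internalPort");
        if (value == null) {
            throw new ServletException("internalPort init-param is required");
        }
        try {
            internalPort = Integer.parseInt(value.trim());
        } catch (NumberFormatException e) {
            throw new ServletException("internalPort must be a number: " + value, e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getLocalPort() (Servlet 2.4+) reports the port of the socket that accepted
        // the connection. getServerPort() may instead reflect the Host header sent
        // by the client, so it is not used for the decision.
        if (req.getLocalPort() != internalPort) {
            // Fail closed with 404 so the external port does not reveal the endpoint.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // No resources to release.
    }
}
```

Map the filter to the AxisServlet's URL pattern in web.xml. The firewall rule for the internal port is still what keeps outside clients off that connector; the filter only stops the SOAP servlet from answering on the public one.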

