tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: R: Apache / Tomcat Load Balanced mode
Date Tue, 21 Apr 2009 14:40:13 GMT

you can restrict based on roles so in /conf/tomcat-users.xml you can define username fubar
to role 'newrole'
 <user username="fubar" password="fubar" roles="newrole"/>

then in WebAppName/WEB/INF/web.xml
  <!-- Define a Security Constraint on this Application -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLManger and Manager command</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <!-- NOTE:  This role is not present in the default users file -->
       <role-name>newrole</role-name>
    </auth-constraint>
    <security-role>
      <role-name>newrole</role-name>
    </security-role>
  </security-constraint>

any access to YourWebAppName/admin are enabled only to role='newrole'

Martin 
______________________________________________ 
Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de déni et de
confidentialité 
This message is confidential. If you should not be the intended receiver, then we ask politely
to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message
serves only for the exchange of information and has no legal binding effect. Due to the easy
manipulation of emails we cannot take responsibility over the the contents.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist
unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet
keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen
wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire
prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe
quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information
seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les
email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune
responsabilité pour le contenu fourni.






> From: karthik.nanjangude@xius-bcgi.com
> To: users@tomcat.apache.org
> Date: Tue, 21 Apr 2009 18:19:42 +0530
> Subject: RE: R: Apache / Tomcat   Load Balanced mode
> 
> Hi
> 
> Thx for the same
> 
> Web application would be installed on 3 nodes of Tomcat below the single load balancer
of Apache http 2.x server
> 
> >> "www.acme.com"          being exposed to INTERNET
> >>
> >> "www.acme.com/admin"    being exposed to INTRANET
> 
> 
> 
> We would like to block the "/admin" from the INTERNET access
> If some body uses "/admin" the response should be blocked
> 
> If the same "/admin" is to be used within the INTRANET local access
> We should be able to display the credentials
> 
> 
> How To achieve the same ?
> 
> 
> With regards
> karthik
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Tuesday, April 21, 2009 12:51 PM
> To: Tomcat Users List
> Subject: Re: R: Apache / Tomcat Load Balanced mode
> 
> On 21.04.2009 09:06, Leandro Dardini wrote:
> >
> >
> >> -----Messaggio originale----- Da: Karthik Nanjangude
> >> [mailto:karthik.nanjangude@xius-bcgi.com] Inviato: martedì 21
> >> aprile 2009 7.34 A: Tomcat Users List Oggetto: Apache / Tomcat Load
> >> Balanced mode
> >>
> >> Hi
> >>
> >> Would the same work with Apache / Tomcat   Load Balanced mode
> >>
> >> Configuration for single installation of the web application
> >> "acme"
> >>
> >>
> >> "www.acme.com"          being exposed to INTERNET
> >>
> >> "www.acme.com/admin"    being exposed to INTRANET
> >>
> >>
> >> Reason :  The application uses a single DB  to request of orders
> >> (from Subscribers) and  same URL  with *admin*  would process the
> >> orders ( Internal Employees) and  should not be exposed to outside
> >> world.
> >>
> >>
> >> Is there any Configuration with in Apache or Tomcat to achieve the
> >> same?
> >>
> >>
> >>
> >> With regards Karthik
> >>
> >>
> >
> > Maybe I don't understand your question, but to me there is no
> > difference in configuring access in Load Balanced or not Load
> > Balanced mode.
> >
> > As regarding the admin section, you can filter it using apache access
> > control.
> 
> I agree, load balancing seems to be not related to the question.
> 
> One first decision would be, whether you are able to deploy your
> application twice, once as the ROOT context and once as admin. Then
> everything will become obvious.
> 
> If you only want to deploy it once, e.g. as admin, then you will need to
> do URL rewriting in the Apache-Layer. When using mod_proxy, you can find
> info about that at
> 
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
> 
> When using mod_jk, look at
> 
> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html
> 
> Regards,
> 
> Rainer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

_________________________________________________________________
Rediscover Hotmail®: Get quick friend updates right in your inbox. 
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Updates2_042009
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message