tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <>
Subject RE: one webapp - two security constraints
Date Tue, 02 Feb 2010 13:07:57 GMT
> From: rjgallac []
> Subject: one webapp - two security constraints

You didn't bother to tell us the version of Tomcat you're using, so the following comments
are based on using a 6.0.x level (but should also apply to 5.5.x).

> <Host name="host1" appBase="webapps/files" unpackWARs="true"

The appBase setting is wrong; it should be just "webapps", not "webapps/files".  Having appBase
the same as any docBase is illegal.

> <Context path="" docBase="${catalina.home}/webapps/files">

It's really, really bad form to put <Context> elements in server.xml.  In addition,
the above gets you *two* deployments for this <Host>, since the webapp will be deployed
once as ROOT, and again as "files".  Name the webapp directory or .war file ROOT (case sensitive),
move the <Context> element to webapps/ROOT/META-INF/context.xml where it belongs, and
remove the illegal path and docBase attributes.

> 		<Host name="host2" appBase="webapps/files"


> <Context path="" docBase="${catalina.home}/webapps/files">


> So the question is two hosts. One web app.

No, you actually had four webapps, since there was double deployment for each <Host>.
 Each <Host> will *always* have a separate copy of the webapp, even if they point to
the same appBase.  (BTW, having two <Host> elements using the same appBase is a tad
risky if you ever try redeployment on the fly.)  You cannot have multiple <Host> elements
sharing a webapp in memory - it simply doesn't work that way.

You could use SecurityFilter to keep just one copy of the webapp and have that filter check
for whether or not to apply the security constraint.  Look here for details:

 - Chuck

for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message