tomcat-users mailing list archives

From Ravi Gupta <rkgupt...@gmail.com>
Subject Re: $CATALINA_HOME/conf/context.xml .. restrict a context?
Date Mon, 03 Mar 2014 22:53:29 GMT
Any idea if the same would work for JBOSS 5.X (uses tomcat under the hood)?
Perhaps it is not the same, but I tried putting
admin-console.xml under jboss-5.1.0.GA/server/default/deploy/jbossweb.sar.
It contains
<Context path="/admin-console">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" />
</Context>

But I was still able to access http://localhost:8080/admin-console after a
bounce?

Any suggestions would be appreciated.


On Mon, Mar 3, 2014 at 4:36 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Ravi,
>
> (Moving the discussion back onto the list: please reply to the list
> and not to individuals. That's what community is about.)
>
> On 3/3/14, 5:29 PM, Ravi Gupta wrote:
> > Thanks, the issue is that my customer does not want to restrict
> > the admin-console in its war - the rationale is anybody can then
> > just redeploy a new admin-console.war and access it (overwrite the
> > restrictions). They want to restrict access to this context from
> > OUTSIDE the actual deployment. Make sense?
>
> It makes perfect sense.
>
> To deploy your web application in a "safe" way, you need to do the
> following:
>
> 0. Start with a stopped Tomcat.
> 1. Put the WAR wherever you want it to live. CATALINA_BASE/webapps is
> fine.
> 2. Extract META-INF/context.xml from your WAR file and place it in
> CATALINA_BASE/conf/[engine]/[host]/[appname].xml
> 3. Modify [appname].xml to add whatever restrictions you want.
> 4. Start Tomcat.
>
> If you overwrite the WAR file, the restrictions you have set should be
> maintained. Note that if you /undeploy/ the webapp and then redeploy
> it, any customizations will be lost and will have to be re-applied.
>
> -chris
>
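
Steps 2 and 3 of the quoted procedure, as an added example that is not part of the thread or of Tomcat itself. The function names are hypothetical, the Catalina/localhost defaults assume a stock server.xml, and the allow pattern assumes Tomcat 7 or later, where the attribute is a single regular expression.

```python
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"  # class name from the thread
# Assumption: Tomcat 7+ syntax, where allow is one java.util.regex pattern.
LOOPBACK_ONLY = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"


def externalize_context(war_path, catalina_base, engine="Catalina",
                        host="localhost", allow=LOOPBACK_ONLY):
    """Copy META-INF/context.xml out of the WAR into
    conf/[engine]/[host]/[appname].xml and add a RemoteAddrValve to it.
    Run this while Tomcat is stopped (step 0 of the procedure)."""
    war_path = Path(war_path)
    with zipfile.ZipFile(war_path) as war:
        try:
            root = ET.fromstring(war.read("META-INF/context.xml"))
        except KeyError:
            root = ET.Element("Context")  # the WAR ships no context.xml
    if root.tag != "Context":
        raise ValueError("unexpected root element: %s" % root.tag)
    # Drop any RemoteAddrValve the WAR brought along so ours is the only one.
    for valve in root.findall("Valve"):
        if valve.get("className") == VALVE_CLASS:
            root.remove(valve)
    ET.SubElement(root, "Valve", {"className": VALVE_CLASS, "allow": allow})
    # The descriptor is named after the WAR: admin-console.war -> admin-console.xml
    target = Path(catalina_base) / "conf" / engine / host / (war_path.stem + ".xml")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(ET.tostring(root, encoding="utf-8"))
    return target


def build_sample_war(path, context_xml=None):
    """Constructed sample input: a minimal WAR, optionally with a context.xml."""
    with zipfile.ZipFile(path, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        if context_xml is not None:
            war.writestr("META-INF/context.xml", context_xml)
    return path
```

The descriptor under conf/ should be writable only by the account that administers Tomcat, since anyone who can edit it can remove the valve.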
