tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ravi Gupta <rkgupt...@gmail.com>
Subject Re: $CATALINA_HOME/conf/context.xml .. restrict a context?
Date Mon, 03 Mar 2014 23:03:29 GMT
According to this, it should match up
https://community.jboss.org/wiki/Web-AppContextConfiguration


On Mon, Mar 3, 2014 at 4:53 PM, Ravi Gupta <rkgupta75@gmail.com> wrote:

> Any idea if the same would work for JBOSS 5.X (uses tomcat under the hood)?
> perhaps it is not the same, but I tried putting
> admin-console.xml under jboss-5.1.0.GA/server/default/deploy/jbossweb.sar
> it contains
>
> <Context path="/admin-console">
>   <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" />
> </Context>
>
> But I was still able to access http://localhost:8080/admin-console after
> a bounce?
>
> Any suggestions would be apreciated
>
>
>
> On Mon, Mar 3, 2014 at 4:36 PM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Ravi,
>>
>> (Moving the discussion back onto the list: please reply to the list
>> and not to individuals. That's what community is about.)
>>
>> On 3/3/14, 5:29 PM, Ravi Gupta wrote:
>> > Thanks, the issue is that my customer does not want to restrict
>> > the admin-console in it's war - the rational is anybody can then
>> > just redeploy a new admin-console.war and access it (overwrite the
>> > restrictions). They want to restrict access to this context from
>> > OUTSIDE the actual deployment. Make sense?
>>
>> It makes perfect sense.
>>
>> To deploy your web application in a "safe" way, you need to do the
>> following:
>>
>> 0. Start with a stopped Tomcat.
>> 1. Put the WAR wherever you want it to live. CATALINA_BASE/webapps is
>> fine.
>> 2. Extract META-INF/context.xml from your WAR file and place it in
>> CATALINA_BASE/conf/[engine]/[host]/[appname].xml
>> 3. Modify [appname].xml to add whatever restrictions you want.
>> 4. Start Tomcat.
>>
>> If you overwrite the WAR file, the restrictions you have set should be
>> maintained. Note that if you /undeploy/ the webapp and then redeploy
>> it, any customizations will be lost and will have to be re-applied.
>>
>> - -chris
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIcBAEBCAAGBQJTFQPbAAoJEBzwKT+lPKRYRmoQALE8fXXv+UVHkMCwzBHHfyvI
>> FVfO8pxCEk8oxvrMunLjC/E2+O8KVCCSDYEjWYYuQs0L1cKjEWyuF6w0P8QDo6fB
>> lE1pxuShreC1SMMZBEGf9GX0QORPgAB1C4tFnKEYP7/O/0l0KORGh81/AolhroG+
>> 8UvlNbFeb0LUR/ABHjdc2PN1UVL3FjruFMhkJSu0ZGqK8TpO7D74VWG2B5JD6zy6
>> ecFKQVSKf7wCLYJ5vXLpyLFJ/H5DKb6c5BBa7L0Edw+bEM8/YM9f7eoXl77TyBup
>> Lhx19LOzrfFqcDNPXpqiSKy8VCEJH0TNd1iegJwWH4uTK/BYOu38pALspQ6piGjJ
>> re8/goyGahK4Ii7A7B6463I/WqzuSwYxzoNYOMFd0db3gp5gzCq8u6MUgx1jTupA
>> iG4f9SvGC4pvytTKujS/c36uHVipn3YbgTZzbsyhUug7VvTn5uSZUN1e68v+y9LA
>> JV0sLGlzay6STujPamVInO6ICOEiqnY5TuoRoedmlYSLC0dkT5Nvpw9G4trL0WMc
>> WZLVlKKgd3eQU4hUBNqeVfnlmwRuE2LFwHdAC1TpyWVsHkNaTtcCMq/YMkl+xAD0
>> 4uka25gHs3g+j7KmGvvo4gjnPY1ODfTJbYrAdlhSZoMkuesyAW8gaYqG4NR6FoWm
>> /tcZDv4FLrEtv5zXrz9l
>> =L2bz
>> -----END PGP SIGNATURE-----
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message