tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ravi Gupta <rkgupt...@gmail.com>
Subject Re: $CATALINA_HOME/conf/context.xml .. restrict a context?
Date Mon, 03 Mar 2014 22:35:43 GMT
Thanks, the issue is that my customer does not want to restrict the
admin-console in it's war - the rational is anybody can then just redeploy
a new admin-console.war and access it (overwrite the restrictions). They
want to restrict access to this context from OUTSIDE the actual deployment.
Make sense?


On Mon, Mar 3, 2014 at 4:22 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ravi,
>
> On 3/3/14, 5:10 PM, Ravi Gupta wrote:
> > Tomcat 6.X RHEL
> >
> > I tried adding the below in order to limit access to
> > /admin-console
> >
> > It worked, but it limits access to EVERY context, which is odd. I
> > am sure I am doing something wrong or I misunderstand how this
> > works
> >
> > I want to put restrictions on the /admin-console context, but I do
> > not want it inside the admin-console.war
> >
> > Again, this works, but other contexts are denied as well!
> >
> > <Context path="/admin-console"> <Valve
> > className="org.apache.catalina.valves.RemoteAddrValve" deny="*" />
> > </Context>
>
> I'm guessing the file you edited was CATALINA_BASE/conf/context.xml?
>
> That's not the right file to edit. Undo all the changes you made to
> conf/context.xml.
>
> Instead, you want to edit the META-INF/context.xml file in your own
> webapp (or CATALINA_BASE/conf/[engine]/[host]/admin-console.xml if you
> have manually-deployed your application using an XML descriptor).
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTFQCoAAoJEBzwKT+lPKRYGXQQAKgWOzPpKvC9YvuSJWdDY5Ud
> 325eSaK73rns77SWz2nUFt3je5GTEFmQAuCyBHueeaGgaFsY9GrkE9/YtsuWxB52
> gO22zYywmTtfSY4MNt5z4dolbWfkktcFkLA96FQxa4ZI7ZdvmyL4XRRPJSSKRck3
> qushWLC5IhbTknnbbOFm3OAv/xY60dzorB8ashIDjMO1Rm+6xOWf2x3PeTAeuy8K
> h5rKVi1u2KkMnbMtvJABX2WGdYZA+r/LNozotXHDGApvEVFu4+YtRWpZx2kgeVVG
> 0pbgLlfmT3cltDGkfOLq7xk11/VJNVR/A276naolfA+lWlqg0ccTVy7T/HrYaVZ8
> dHXh09GFAgxneC+JCdMzDGFaI1LEhMaDv9OhyEYCOjoz60c1lYg2idfFXffSTiFj
> QRgfesyer8jYWD0pyEQ939EOXKLnR2ClbwqkHvXZNKDf8NtitBeF45hUmxixuDhb
> GBu+tuBVEHWXJpmCkmh/Xd9iwGPU3w2geGnZXPUpDaERdKlKL/zbzLBpxvP9TpOs
> 0IMc3ZkZ39jnrMVfDbbloNRKMdbxSSlb/OMyDocZheSLw6QlECALfLZumQZCk759
> z5BDS8zvINbpdUrUxLG7ZYTW+6ZXpR7N9nVF+ab2BnTC58J5aUb623FtSOuk1J2/
> hMPVhRwdGyHLNccn82t4
> =YZJb
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message