tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Falco Schwarz <hid...@falco.me>
Subject web.xml processing order of directives - filter vs security-constraint
Date Fri, 04 Jul 2014 14:37:32 GMT
All,

I am trying to set up the jmx proxy servlet and am kinda stuck on security.
I would like to:

- restrict access to localhost
- restrict access to require basic authentication

Currently it works, though in the wrong order. This is how the request is
being processed right now:

1) user accesses /infra/jmx
2) user has to authenticate
3) user is being denied

Is it possible to switch step 2 and 3?

Relevant parts of web.xml, webapp is called infra:

  <servlet>
    <servlet-name>JMXProxy</servlet-name>

<servlet-class>org.apache.catalina.manager.JMXProxyServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>JMXProxy</servlet-name>
    <url-pattern>/jmx/*</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JMX Proxy interface</web-resource-name>
      <url-pattern>/jmx/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>jmx</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JMX Proxy</realm-name>
  </login-config>
  <security-role>
    <description>
      The role that is required to access the JMX Proxy
    </description>
    <role-name>jmx</role-name>
  </security-role>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message