• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Manager & Admin Webapp

 
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How can we make Manager and Admin webapp only accessible from localhost..not accessible from anywhere else

Thanking in advance
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
After looking through various Tomcat and servlet docs, it looks to me like this sort of security restriction is not easy to implement in your basic tomcat. I think you are going to need something beyond the basic role defining method that comes with Tomcat.
Bill
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You could turn on the security manager in tomcat and change the catalina security policy file to only allow ip 127.0.0.1 access to the url where the manager and admin web apps exist.
[ September 24, 2004: Message edited by: B Stokes ]
 
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I guess you can also put a RemoteHostValve or RemoteAddrValve on top of your admin app, and restrict access to a number of IP addresses or host names
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't think the security option would help - it mainly seems to control which applications can use which resources. I don't see any way for it to look at the request source.
Bill
 
Eelco den Heijer
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree that it is not enough; but if you use one of these valves with a proper realm, I think it's pretty solid.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree...

It explictly says, at least in the 5.5 admin.xml to use to restrict access to the admin app to requests originating from the local machine.

Does anyone have any idea why clicking on the handles in the admin tree might not respond by expanding?

Warm regards
 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My experience with the admin app is that it is buggy at best! It can be useful at times and worthless at other times. For example, defining a database connection at the context level rarely works for me using the admin app - and I have done this dozens of times on different platforms and setups.

This might sound harsh, but my advice is to not use the admin app unless you really don't know what you are doing otherwise.
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
tomcat7\conf\context.xm

add this line under <context></context> tag

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="127.0.0.0" />

 
reply
    Bookmark Topic Watch Topic
  • New Topic