Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is it possible to host one webapp on a different port

 
cle tan
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Let's say I have a admin module and I do not want public to access.
I want to host that particular webapp on another port, say 3087

Is it possible to configure that, while the other webapps still run on ports 8080 and 8443
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34195
340
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How does that help you? You still need to provide a login and protect that web app. And once you've done all that, the port it is on doesn't provide security.
 
cle tan
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeanne Boyarsky wrote:How does that help you? You still need to provide a login and protect that web app. And once you've done all that, the port it is on doesn't provide security.


will use firewall to allow public to access 8080 and 8443
but for internal usage(intranet) allow access to 3087 for admin module
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is reasonable to trust the general internet population less than you would trust the folks coming from inside your network, but still: would you trust your internal users not to do anything untoward with your admin app? So you still need to protect it as Jeanne said. But security should happen in depth, so the further away you can can keep people from your admin app, the better.

But regardless, you can configure different hosts (or engines, the lingo depends on which server you use) to listen on different ports. At the very least, Tomcat allows it, so I assume all commercial servers do as well, and probably the other open source servers, too.
 
cle tan
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:It is reasonable to trust the general internet population less than you would trust the folks coming from inside your network, but still: would you trust your internal users not to do anything untoward with your admin app? So you still need to protect it as Jeanne said. But security should happen in depth, so the further away you can can keep people from your admin app, the better.

But regardless, you can configure different hosts (or engines, the lingo depends on which server you use) to listen on different ports. At the very least, Tomcat allows it, so I assume all commercial servers do as well, and probably the other open source servers, too.


Ok, may I know as a guide on how to configure server.xml, I saw the documentation , tried to implement it , and was unsuccessful
Let's say I have admin folder in my webapps directory.

In server.xml

CATALINA_HOME and CATALINA_BASE have already set to apache tomcat directory.



I would like to know what should I put for the value of appBase if I only want admin folder to be deployed in port 3087?

everything seems to be deployed successfully, but when i entered https://localhost:3087/admin/file.html
I see a blank screen

I saw the logs but it doesn't tell me much


Also, may I know what is the mainstream method of forms authentication in jsp
j_security_check method of authentication(what tomcat manager uses) might not be safe as the password are stored in the file
using realm also might not be safe, as jdbc database password, is also stored in file.

What might be the safest method for authenticating? store username and password in a session and compare with the database whether the user should be allowed to access the page?
 
cle tan
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
would like to know whether it is possible to host apps on diff ports which is similar to IIS
 
cle tan
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
would like to know is it possible to host a webapp on a particular port

eg. webapp 1 host on 8080
webapp 2 host on 8081
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18098
50
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are trying to "bump" your question, please don't. If/when someone knows an answer, they'll tell you.

Tomcat is actually a fairly generic container for network-based applications. While it is almost always used to host J2EE webapps, anyone who really wanted to could put just about anything into it. But that's not what we're interested in.

The point is, Tomcat has a modular architecture which allows various types of software components to be assembled to create a webapp server (among other things). This wiring-together is facilitated by the Tomcat server.xml file. You can find a lot of useful documentation in the prototype server.xml file and a lot more at http://tomcat.apache.org .

A Tomcat Server instance contains one or more Service instances bound to a set of service-related Connector elements. Each Connector element designates a port for the Service to listen on and designates what kind of traffic that port can handle. There are about 5 types of ports that Tomcat uses, but the two types of primary interest are the HTTP and HTTPS ports.

Each Service contains an Engine to manage request/response processing. J2EE processing is done by the StandardEngine.

Each Engine maintains 1 or more Hosts. The Host defines the VirtualHost, which is bound to a domain name on an incoming URL. Hosts contains Contexts, which are the individual webapps.

So, in short, the only way to get a webapp to respond on a different port than other webapps is either to A) run a completely separate Tomcat instance or B) Define a second Service/Connector/Engine component (which is NOT something done lightly).

j_security_check, incidentally, is a function of the security Realm and cannot function without a Realm. What Realm you use is up to you. The Tomcat Realms are quite secure, and that security is independent of whether you are using a distinct port or not.
 
cle tan
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would like to know in connector what does the appBase mean?

So I would have to run 2 Tomcat instances to run 2 apps on different ports?
Is that the only solution?

I have one webapp for public access
and another webapp for local access.

 
Tim Holloway
Saloon Keeper
Pie
Posts: 18098
50
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The standard Connector module does not have an appBase attribute.

Within a Tomcat Service component, you can listen on multiple ports, simply by defining multiple Connectors. But all ports dispatch to all applications. You cannot pick and choose what app listens to what port. Apps don't listen. Tomcat (the Service) does the listening. It receives the URL request and uses that to determine which application will service the request and doesn't care which port it came in on, only what app it's supposed to send it to.

So yes, if you want to reserve a specific port for a specific app, you either need to extensively customize Tomcat or run a separate instance of Tomcat.

As I said before, however Tomcat's security mechanisms are quite sufficient to reliably limit who can get at a sensitive app, regardless of what port it came in on. And they are a lot easier to configure.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic