Any idea if the same would work for JBOSS 5.X (uses tomcat under the hood)? perhaps it is not the same, but I tried putting admin-console.xml under jboss-5.1.0.GA/server/default/deploy/jbossweb.sar it contains <Context path="/admin-console"> <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" /> </Context>
But I was still able to access http://localhost:8080/admin-console after a bounce? Any suggestions would be apreciated On Mon, Mar 3, 2014 at 4:36 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Ravi, > > (Moving the discussion back onto the list: please reply to the list > and not to individuals. That's what community is about.) > > On 3/3/14, 5:29 PM, Ravi Gupta wrote: > > Thanks, the issue is that my customer does not want to restrict > > the admin-console in it's war - the rational is anybody can then > > just redeploy a new admin-console.war and access it (overwrite the > > restrictions). They want to restrict access to this context from > > OUTSIDE the actual deployment. Make sense? > > It makes perfect sense. > > To deploy your web application in a "safe" way, you need to do the > following: > > 0. Start with a stopped Tomcat. > 1. Put the WAR wherever you want it to live. CATALINA_BASE/webapps is > fine. > 2. Extract META-INF/context.xml from your WAR file and place it in > CATALINA_BASE/conf/[engine]/[host]/[appname].xml > 3. Modify [appname].xml to add whatever restrictions you want. > 4. Start Tomcat. > > If you overwrite the WAR file, the restrictions you have set should be > maintained. Note that if you /undeploy/ the webapp and then redeploy > it, any customizations will be lost and will have to be re-applied. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJTFQPbAAoJEBzwKT+lPKRYRmoQALE8fXXv+UVHkMCwzBHHfyvI > FVfO8pxCEk8oxvrMunLjC/E2+O8KVCCSDYEjWYYuQs0L1cKjEWyuF6w0P8QDo6fB > lE1pxuShreC1SMMZBEGf9GX0QORPgAB1C4tFnKEYP7/O/0l0KORGh81/AolhroG+ > 8UvlNbFeb0LUR/ABHjdc2PN1UVL3FjruFMhkJSu0ZGqK8TpO7D74VWG2B5JD6zy6 > ecFKQVSKf7wCLYJ5vXLpyLFJ/H5DKb6c5BBa7L0Edw+bEM8/YM9f7eoXl77TyBup > Lhx19LOzrfFqcDNPXpqiSKy8VCEJH0TNd1iegJwWH4uTK/BYOu38pALspQ6piGjJ > re8/goyGahK4Ii7A7B6463I/WqzuSwYxzoNYOMFd0db3gp5gzCq8u6MUgx1jTupA > iG4f9SvGC4pvytTKujS/c36uHVipn3YbgTZzbsyhUug7VvTn5uSZUN1e68v+y9LA > JV0sLGlzay6STujPamVInO6ICOEiqnY5TuoRoedmlYSLC0dkT5Nvpw9G4trL0WMc > WZLVlKKgd3eQU4hUBNqeVfnlmwRuE2LFwHdAC1TpyWVsHkNaTtcCMq/YMkl+xAD0 > 4uka25gHs3g+j7KmGvvo4gjnPY1ODfTJbYrAdlhSZoMkuesyAW8gaYqG4NR6FoWm > /tcZDv4FLrEtv5zXrz9l > =L2bz > -----END PGP SIGNATURE----- >
