On 30/09/2016 08:07, Harneet Singh wrote: > Hello All, > > I have a java application which is hosted in Tomcat 7.0.62. > As part of business logic the code sometimes connects to remote hosts and > downloads resources. > Is there a way I can specify a whitelist using the Tomcat configuration? > > Means I only want my application to be able to fetch data from > www.google.com but any request going from my web application hosted in the > my Tomcat needs is to be denied for any of the other hosts. > > I know the workaround can be I configure the firewall on the machine to > deny any such requests, but that would be operating system specific and I > would like to acheive this using Tomcat configuration, without changing my > code. > > Thanks again for reading this and trying to help :)
A security manager is the way to do that. The down side is a lot of apps break when running under a security manager. Thorough testing is strongly advised. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
