On 21/03/2022 20:47, Scott,Tim wrote:
Hi Chris and Mark,

As Mark spotted, I'm editing the conf/web.xml file.

If I move this to the application's web.xml, is there any way it can be 
overridden by the Tomcat configuration?
Ideally, I'd like it to be somehow configurable by the person deploying it.

You can do that but you need to switch from using a Filter to using a Valve. Valves can be configured in context.xml files. Assuming the web app doesn't already have a context.xml file, that would probably be the easiest way to do this.

Mark


Alternatively, can it be configured programmatically?
I could then read a setting from the database.

(Apologies for not describing all the requirements at the outset - users, eh?)

Thanks,
Tim

--

Tim Scott

OCLC · Senior OLIB Software Engineer
City Gate · 8 St. Mary's Gate · Sheffield S1 4LW · United Kingdom

cc: IT file


________________________________
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Monday, March 21, 2022 8:14 pm
To: users@tomcat.apache.org
Subject: [External] Re: RemoteAddrFilter (org.apache.catalina.filters)

Tim,

On 3/21/22 13:51, Scott,Tim wrote:
Hi all,

I’ve been trying to get this to work for a bit without any luck.

What I’ve arrived at, in my main Tomcat web.xml, is:

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
         version="4.0">

     <filter>
       <filter-name>Remote Address Filter</filter-name>
       <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
       <init-param>
         <param-name>allow</param-name>
         <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
       </init-param>
     </filter>

     <filter-mapping>
       <filter-name>Remote Address Filter</filter-name>
       <url-pattern>/sru/*</url-pattern>
     </filter-mapping>

This is more-or-less a copy/paste from the documentation at
https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Remote_Address_Filter,
but the url-pattern is presenting me some problems.

There are (for various business reasons) planned to be two applications
on this Tomcat – one at “/sru/…” and one not.

The one at “/sru” needs to have a filter applied to stop it being
accessed from non-whitelisted sources. The other application is public.

Or, I need to do some development work to integrate with our corporate
authentication mechanism – for requests that have already been
authenticated and are arriving from another, internal, server. To me,
that seems like a waste of time.

If I adjust the url-pattern to:

       <url-pattern>/*</url-pattern>

… then all access from other clients for both applications get an
http/403 response. No surprise, there.

If I make the pattern:

       <url-pattern>/sru/*</url-pattern>

                (or some variations thereof – “sru”, “/sru”, “/sru/”,
“/sru*”, …)

… then both applications are equally accessible from other clients.

Is what I’m trying to do possible?

                I’m using Tomcat 9.0.54.

If it should work – can anyone spot what I’ve missed?

Thanks,

Tim

What is the context path of your web application? The filter should
ignore the context-path and only look at URLs relative to that context-path.

So if your context-path is /sru then you really just want to look at
/* and not /sru*

The other question is "which web.xml are you editing"? If you are
editing the one in CATALINA_BASE/conf/web.xml then that's the wrong one
as it applies to all web applications... but again the URLs will all be
relative to their individual context-paths.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
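
Mark's suggestion above, written out as an added example that is not part of the thread: a context descriptor for the one application that must be restricted, using org.apache.catalina.valves.RemoteAddrValve with the same allow pattern as the filter Tim posted. The context path /sru and the default engine and host names (Catalina, localhost) in the override path are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example, not from the thread.
  Packaged with the application as META-INF/context.xml.
  A deployer can override it without touching the WAR by placing a file at
  $CATALINA_BASE/conf/Catalina/localhost/sru.xml (assumed: default engine
  "Catalina", host "localhost", application deployed at context path /sru).
  That file takes precedence over the packaged META-INF/context.xml.
-->
<Context>
  <!--
    A Valve inside a Context applies to every request for this application
    only, so the second, public application on the same Tomcat is unaffected
    and no url-pattern is needed.
    "allow" is a regular expression that must match the whole remote address;
    requests from any other address are rejected with the Valve's default
    403 response.
  -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>
```

The Valve compares against the address of the directly connecting peer, so the allow pattern has to include the address of the internal server that forwards the requests.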

