On 10/20/25 6:33 AM, Christopher Schultz wrote:
So... which file were you changing? ;)
I thought I'd made that clear from the beginning (note that for clarity
here, I'm calling the manager context "manager" here; on the "guinea
pig" box, it's been renamed to something different):
1. Use JMXTerm to manually call "stop" on
Catalina:J2EEApplication=none,J2EEServer=none,j2eeType=WebModule,name=//localhost/manager
2. manually (from a separate TN5250 session at native level) change the
manager app's META-INF/context.xml to change the
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
in various ways, either commenting it out, uncommenting it, or changing
the "allow" attribute to add or remove IP addresses
3. Back in the JMXTerm session, manually call "start" on that same bean.
If restarting the context reloaded the META-INF/context.xml, all the
variations on that procedure would have worked just fine. But none of
them had the slightest effect: it just continued to use the manager's
META-INF/context.xml as it existed at the time of Tomcat launch.
But what intrigued me was when you said:
If you use jmxterm to change the RemoteAddrValve's IP address range, you will
change the configuration in memory but not on the disk.
That would actually be the ideal situation: it would reduce a 3-step
manual procedure (both for turning the manager on, and for turning it
off) down to one step, and if I forget to turn it off, it would turn off
anyway at the next scheduled Tomcat restart.
I actually *don't* want to be able to call JMX through anything other
than a terminal session, because that would open a different security
hole. By way of analogy, when I bought my Nissan Leaf, one of the
reasons why I chose a United Chargers of Canada "Grizzl-E" for my home
charging station was that the maximum charging rate is set with a
DIP-switch inside the box, NOT through Bluetooth, with a mobile app,
because a DIP-switch is absolutely un-hackable.
At any rate, I see a whole lot of beans that are visible to JMX, and I
see that some of them have a whole lot of operations defined, while
others have none. Is there a document somewhere, that will tell me what
these operations actually *do?*
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
