RE: R: Apache / Tomcat Load Balanced mode

Tue, 21 Apr 2009 07:40:47 -0700 

you can restrict based on roles so in /conf/tomcat-users.xml you can define 
username fubar
to role 'newrole'
 <user username="fubar" password="fubar" roles="newrole"/>

then in WebAppName/WEB/INF/web.xml
  <!-- Define a Security Constraint on this Application -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLManger and Manager command</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <!-- NOTE:  This role is not present in the default users file -->
       <role-name>newrole</role-name>
    </auth-constraint>
    <security-role>
      <role-name>newrole</role-name>
    </security-role>
  </security-constraint>

any access to YourWebAppName/admin are enabled only to role='newrole'

Martin 
______________________________________________ 
Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de 
déni et de confidentialité 
This message is confidential. If you should not be the intended receiver, then 
we ask politely to report. Each unauthorized forwarding or manufacturing of a 
copy is inadmissible. This message serves only for the exchange of information 
and has no legal binding effect. Due to the easy manipulation of emails we 
cannot take responsibility over the the contents.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.






> From: karthik.nanjang...@xius-bcgi.com
> To: users@tomcat.apache.org
> Date: Tue, 21 Apr 2009 18:19:42 +0530
> Subject: RE: R: Apache / Tomcat   Load Balanced mode
> 
> Hi
> 
> Thx for the same
> 
> Web application would be installed on 3 nodes of Tomcat below the single load 
> balancer of Apache http 2.x server
> 
> >> "www.acme.com"          being exposed to INTERNET
> >>
> >> "www.acme.com/admin"    being exposed to INTRANET
> 
> 
> 
> We would like to block the "/admin" from the INTERNET access
> If some body uses "/admin" the response should be blocked
> 
> If the same "/admin" is to be used within the INTRANET local access
> We should be able to display the credentials
> 
> 
> How To achieve the same ?
> 
> 
> With regards
> karthik
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.j...@kippdata.de]
> Sent: Tuesday, April 21, 2009 12:51 PM
> To: Tomcat Users List
> Subject: Re: R: Apache / Tomcat Load Balanced mode
> 
> On 21.04.2009 09:06, Leandro Dardini wrote:
> >
> >
> >> -----Messaggio originale----- Da: Karthik Nanjangude
> >> [mailto:karthik.nanjang...@xius-bcgi.com] Inviato: martedì 21
> >> aprile 2009 7.34 A: Tomcat Users List Oggetto: Apache / Tomcat Load
> >> Balanced mode
> >>
> >> Hi
> >>
> >> Would the same work with Apache / Tomcat   Load Balanced mode
> >>
> >> Configuration for single installation of the web application
> >> "acme"
> >>
> >>
> >> "www.acme.com"          being exposed to INTERNET
> >>
> >> "www.acme.com/admin"    being exposed to INTRANET
> >>
> >>
> >> Reason :  The application uses a single DB  to request of orders
> >> (from Subscribers) and  same URL  with *admin*  would process the
> >> orders ( Internal Employees) and  should not be exposed to outside
> >> world.
> >>
> >>
> >> Is there any Configuration with in Apache or Tomcat to achieve the
> >> same?
> >>
> >>
> >>
> >> With regards Karthik
> >>
> >>
> >
> > Maybe I don't understand your question, but to me there is no
> > difference in configuring access in Load Balanced or not Load
> > Balanced mode.
> >
> > As regarding the admin section, you can filter it using apache access
> > control.
> 
> I agree, load balancing seems to be not related to the question.
> 
> One first decision would be, whether you are able to deploy your
> application twice, once as the ROOT context and once as admin. Then
> everything will become obvious.
> 
> If you only want to deploy it once, e.g. as admin, then you will need to
> do URL rewriting in the Apache-Layer. When using mod_proxy, you can find
> info about that at
> 
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
> 
> When using mod_jk, look at
> 
> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html
> 
> Regards,
> 
> Rainer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

_________________________________________________________________
Rediscover Hotmail®: Get quick friend updates right in your inbox. 
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Updates2_042009

Reply via email to