Tomcat:限制对/just one/webapp 的本地主机的访问 [英] Tomcat: Restrict access to localhost for /just one/ webapp
问题描述
我正在运行 Tomcat 6 来为多个 Web 应用程序提供服务,其中大部分是面向公众的.但我想限制对只有一个 webapp的访问,只允许来自本地主机的连接.
I'm running Tomcat 6 to serve several web apps, most of which are public-facing. But I'd like to restrict access to just one webapp, allowing connections only from localhost.
我可以使用 context.xml 中的阀门限制对所有 webapps的访问,如:
I can restrict access for all webapps using a valve in context.xml, as described in:
但我不知道如何在每个应用程序的基础上限制访问.有没有办法用我的应用程序的 web.xml 来做到这一点?或者通过向 context.xml 添加其他规则?
But I can't figure out how to restrict access on a per-app basis. Is there a way to do this with my app's web.xml? Or by adding additional rules to context.xml?
谢谢,
-B
$ cp /var/lib/tomcat6/conf/context.xml \
/var/lib/tomcat6/conf/Catalina/localhost/my-app-name.xml
$ cat /var/lib/tomcat6/conf/Catalina/localhost/my-app-name.xml
<Context>
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="localhost"/>
... {as previously} ...
</Context>
推荐答案
您可以为您的应用创建单独的 context.xml.
You can create an individual context.xml for you app.
这是 Tomcat 文档中上下文配置的摘录:上下文元素可以明确定义:
This is an excerpt from Tomcat doc on context configuraion: Context elements may be explicitly defined:
- 在
$CATALINA_HOME/conf/context.xml
文件中:Context 元素信息将被所有 webapp 加载.在$CATALINA_HOME/conf/[enginename]/[hostname]/context.xml.default
文件中:Context 元素信息将被该主机的所有 webapp 加载. - 在
$CATALINA_HOME/conf/[enginename]/[hostname]/
目录中的单个文件(带有.xml
扩展名)中.文件的名称(减去.xml
)扩展名将用作上下文路径.可以使用#
定义多级上下文路径,例如foo#bar.xml
用于/foo/bar
的上下文路径.可以使用名为ROOT.xml
的文件定义默认 Web 应用程序. - 仅当
$CATALINA_HOME/conf/[enginename]/[hostname]/
中不存在应用程序的上下文文件时;在应用程序文件内/META-INF/context.xml
的单个文件中.如果 Web 应用程序打包为 WAR,则/META-INF/context.xml
将被复制到$CATALINA_HOME/conf/[enginename]/[hostname]/
和重命名以匹配应用程序的上下文路径.一旦此文件存在,如果将具有更新的/META-INF/context.xml
的新 WAR 放置在主机的 appBase 中,它将不会被替换.
- In the
$CATALINA_HOME/conf/context.xml
file: the Context element information will be loaded by all webapps. In the$CATALINA_HOME/conf/[enginename]/[hostname]/context.xml.default
file: the Context element information will be loaded by all webapps of that host. - In individual files (with a
.xml
extension) in the$CATALINA_HOME/conf/[enginename]/[hostname]/
directory. The name of the file (less the.xml
) extension will be used as the context path. Multi-level context paths may be defined using#
, e.g.foo#bar.xml
for a context path of/foo/bar
. The default web application may be defined by using a file calledROOT.xml
. - Only if a context file does not exist for the application in the
$CATALINA_HOME/conf/[enginename]/[hostname]/
; in an individual file at/META-INF/context.xml
inside the application files. If the web application is packaged as a WAR then/META-INF/context.xml
will be copied to$CATALINA_HOME/conf/[enginename]/[hostname]/
and renamed to match the application's context path. Once this file exists, it will not be replaced if a new WAR with a newer/META-INF/context.xml
is placed in the host's appBase.
这篇关于Tomcat:限制对/just one/webapp 的本地主机的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!