Tomcat:限制对/just one/webapp 的本地主机的访问 [英] Tomcat: Restrict access to localhost for /just one/ webapp

问题描述

我正在运行 Tomcat 6 来为多个 Web 应用程序提供服务，其中大部分是面向公众的.但我想限制对只有一个 webapp的访问，只允许来自本地主机的连接.

I'm running Tomcat 6 to serve several web apps, most of which are public-facing. But I'd like to restrict access to just one webapp, allowing connections only from localhost.

我可以使用 context.xml 中的阀门限制对所有 webapps的访问，如:

I can restrict access for all webapps using a valve in context.xml, as described in:

• Tomcat 通过 IP 地址限制访问

但我不知道如何在每个应用程序的基础上限制访问.有没有办法用我的应用程序的 web.xml 来做到这一点?或者通过向 context.xml 添加其他规则?

But I can't figure out how to restrict access on a per-app basis. Is there a way to do this with my app's web.xml? Or by adding additional rules to context.xml?

谢谢，

-B

$ cp /var/lib/tomcat6/conf/context.xml \ 
   /var/lib/tomcat6/conf/Catalina/localhost/my-app-name.xml

$ cat /var/lib/tomcat6/conf/Catalina/localhost/my-app-name.xml

<Context>
    <Valve className="org.apache.catalina.valves.RemoteHostValve" allow="localhost"/>
... {as previously} ...
</Context>

推荐答案

您可以为您的应用创建单独的 context.xml.

You can create an individual context.xml for you app.

这是 Tomcat 文档中上下文配置的摘录:上下文元素可以明确定义:

This is an excerpt from Tomcat doc on context configuraion: Context elements may be explicitly defined:

• 在 $CATALINA_HOME/conf/context.xml 文件中:Context 元素信息将被所有 webapp 加载.在 $CATALINA_HOME/conf/[enginename]/[hostname]/context.xml.default 文件中:Context 元素信息将被该主机的所有 webapp 加载.
• 在 $CATALINA_HOME/conf/[enginename]/[hostname]/ 目录中的单个文件(带有 .xml 扩展名)中.文件的名称(减去 .xml)扩展名将用作上下文路径.可以使用 # 定义多级上下文路径，例如foo#bar.xml 用于 /foo/bar 的上下文路径.可以使用名为 ROOT.xml 的文件定义默认 Web 应用程序.
• 仅当 $CATALINA_HOME/conf/[enginename]/[hostname]/ 中不存在应用程序的上下文文件时；在应用程序文件内 /META-INF/context.xml 的单个文件中.如果 Web 应用程序打包为 WAR，则 /META-INF/context.xml 将被复制到 $CATALINA_HOME/conf/[enginename]/[hostname]/ 和重命名以匹配应用程序的上下文路径.一旦此文件存在，如果将具有更新的 /META-INF/context.xml 的新 WAR 放置在主机的 appBase 中，它将不会被替换.

• In the $CATALINA_HOME/conf/context.xml file: the Context element information will be loaded by all webapps. In the $CATALINA_HOME/conf/[enginename]/[hostname]/context.xml.default file: the Context element information will be loaded by all webapps of that host.
• In individual files (with a .xml extension) in the $CATALINA_HOME/conf/[enginename]/[hostname]/ directory. The name of the file (less the .xml) extension will be used as the context path. Multi-level context paths may be defined using #, e.g. foo#bar.xml for a context path of /foo/bar. The default web application may be defined by using a file called ROOT.xml.
• Only if a context file does not exist for the application in the $CATALINA_HOME/conf/[enginename]/[hostname]/; in an individual file at /META-INF/context.xml inside the application files. If the web application is packaged as a WAR then /META-INF/context.xml will be copied to $CATALINA_HOME/conf/[enginename]/[hostname]/ and renamed to match the application's context path. Once this file exists, it will not be replaced if a new WAR with a newer /META-INF/context.xml is placed in the host's appBase.

这篇关于Tomcat:限制对/just one/webapp 的本地主机的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！