Tomcat阀门设置 [英] Tomcat Valve settings
问题描述
我遇到了一个配置问题。我需要保护
a文件夹,这是在我实际的tomcat应用程序从访问从
a某个IP范围。
我认为这是 serverfault ,因此我发布了 a>。
现在我不知道这是SO还是SF无论如何...
然而,我一直在试图自己做, b $ b我需要设置
org.apache.catalina.valves.RemoteAddrValve
。可悲的是,我只是不能得到我需要做的
设置。 web.xml,server.xml?试过两个,null成功。
K
$b $ b
它应该放在server.xml中的< Context>
p>
< Context
path =/ tcadmin
docBase =$ {catalina.home} / server / webapps / admin
privileged =true
>
< Valve className =org.apache.catalina.valves.RemoteAddrValve
allow =127\.0\.0\.1
/>
< / Context>
请记住,字符串值是正则表达式模式,所以特殊的正则表达式字符)必须使用反斜杠进行转义。
EDIT :回复OP的评论。
我认为您需要在您的网络应用程序中实施 FILTER 并将其配置为根据其远程地址IP接受或拒绝请求。远程地址可以从 ServletRequest
对象传递到 doFilter
方法中检索。
您在web.xml文件中声明了一个过滤器:
< filter>
< filter-name> GatekeeperFilter< / filter-name>
< filter-class> your.package.GatekeeperFilter< / filter-class>
< init-param>
< param-name> allowedNetwork< / param-name>
< param-value> 192 \.168\.2\。*< / param-value>
< / init-param>
< / filter>
< filter-mapping>
< filter-name> GatekeeperFilter< / filter-name>
< url-pattern> / path / to / protected / folder< / url-pattern>
< / filter-mapping>
阅读链接的文章,了解需要做什么以接受init参数。我认为你的决定,你可以无耻地复制来自RequestDumperValve的代码。
I'm stuck with sort of a configuration issue I think. I need to protect a folder which is within my actual tomcat application from access from a certain IP range.
I thought this was serverfault, so I posted the question there. Right now I'm not sure whether this is SO or SF anyways...
Nevertheless I kept on trying geting it going by myself and figured that I need to set the
org.apache.catalina.valves.RemoteAddrValve
for that folder of mine. Sadly I just can't get where I need to make that setting. web.xml, server.xml ? Tried both, null success. Could anyone pls help me out on this.
tia
K
It should go inside your <Context>
element in server.xml:
<Context
path="/tcadmin"
docBase="${catalina.home}/server/webapps/admin"
privileged="true"
>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1"
/>
</Context>
Just remember, that the string values are regex patterns, so special regex characters ( e.g. dot(.) ) has to be escaped with backslashes.
EDIT: in reply to OP's comment.
I think you need to implement a FILTER in your web app and configure it to accept or reject requests based on their remote address IP. Remote address can be retrieved from ServletRequest
object passed into doFilter
method.
You declare a filter in your web.xml file:
<filter>
<filter-name>GatekeeperFilter</filter-name>
<filter-class>your.package.GatekeeperFilter</filter-class>
<init-param>
<param-name>allowedNetwork</param-name>
<param-value>192\.168\.2\.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>GatekeeperFilter</filter-name>
<url-pattern>/path/to/protected/folder</url-pattern>
</filter-mapping>
Read the linked article about what need to be done to accept init parameters. I think for your decision making you can shamelessly copy the code from the RequestDumperValve.
这篇关于Tomcat阀门设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!