You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Romain Manni-Bucau (JIRA)" <ji...@apache.org> on 2012/09/21 10:28:07 UTC

[jira] [Commented] (TOMEE-423) Move TomEE's transport out of the tomee's management UI web app

    [ https://issues.apache.org/jira/browse/TOMEE-423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13460349#comment-13460349 ] 

Romain Manni-Bucau commented on TOMEE-423:
------------------------------------------

Hi,

currently the transport is done through a servlet so all is needed is:

    <servlet>
        <servlet-name>ServerServlet</servlet-name>
        <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>ServerServlet</servlet-name>
        <url-pattern>/ejb/*</url-pattern>
    </servlet-mapping>

then use the url to /ejb as provider url.

By default i think we can't remove it (it is too common and easy) so i think we should about what you would expect removing tomee webapp, should it still work?

If yes we can add this servlet to a custom webcontext but you'll need configuration
1) context name
2) servlet path

And if you think about security
3) security on the servlet

So it sounds to me it seems easier to remove the tomee webapp then add a fake webapp with only this servlet defined in web.xml and the security you want or to add this servlet in web.xml of your own webapp

what do you think? In fact not sure what is expected once the webapp is removed, can you detail please?
                
> Move TomEE's transport out of the tomee's management UI web app
> ---------------------------------------------------------------
>
>                 Key: TOMEE-423
>                 URL: https://issues.apache.org/jira/browse/TOMEE-423
>             Project: TomEE
>          Issue Type: Improvement
>    Affects Versions: 1.0.0, 1.5.0
>            Reporter: Alex the Rocker
>
> As a measure of security hardening, people want to delete the application server's management UI to prevent remote access to it ;  especially for app servers exposed to Internet access.
> Problem with removing tomee from webapps directory is that it contains EE features such an EJB transport.
> This JIRA is to request a separation of TomEE transport features from TomEE management web app ; so that this later web app can safely deleted without risking any regression for web applications run-time features.
> Apache Tomcat supports with process, so it can be a showstopper for organizations considering a move from Tomcat to TomEE.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira