You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jason Novotny <no...@aei.mpg.de> on 2005/06/24 05:12:31 UTC
how do i restrict servlet access?
Hi,
I have a webapp A that uses cross-context to dispatch requests to
webapp B. However, I want users to have to go thru webapp A and the
mapping I set in web.xml. How do I restrict access so only webapp A can
invoke B's servlet but B should be inaccessible to users navigation. Is
there something I can set in the web.xml of B or would I need to modify
server.xml as a site wide configuration?
Thanks, Jason
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: how do i restrict servlet access? / blocking URLs
Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
You could literally examine the IP of the incoming request (look at
ServletRequest object), or you could have A set some sort of flag in
request to indicate to the filter to let the request through regardless.
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Fri, June 24, 2005 2:32 pm, Jason Novotny said:
>
> Hi Jim,
>
> Thanks-- I just looked at using a filter as a solution, but there
> seems to be a problem. I want the servlet in webapp A to be able to
> dispatch to B but not a user. The problem is the filter will block all
> requests including the dispatch from A. I need a way to somehow ensure
> that A can invoke servlet B in web app B but not a user navigating
> directly... any ideas are greatly appreciated.
> Actually one question would be how to create a filter that allows
> incoming requests from that same machine but not IP's outside of it I
> guess?
>
> Thanks, Jason
>
>
> Jim Henderson wrote:
>
>>Take a look at yesterdays (6/23 5:02 PM) posting "Blocking urls". That
>>should help.
>>
>>-----Original Message-----
>>From: Jason Novotny [mailto:novotny@aei.mpg.de]
>>Sent: Thursday, June 23, 2005 10:13 PM
>>To: tomcat-user@jakarta.apache.org
>>Subject: how do i restrict servlet access?
>>
>>
>>
>>Hi,
>>
>> I have a webapp A that uses cross-context to dispatch requests to
>>webapp B. However, I want users to have to go thru webapp A and the
>>mapping I set in web.xml. How do I restrict access so only webapp A can
>>invoke B's servlet but B should be inaccessible to users navigation. Is
>>there something I can set in the web.xml of B or would I need to modify
>>server.xml as a site wide configuration?
>>
>> Thanks, Jason
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: how do i restrict servlet access? / blocking URLs
Posted by Louis Moore <lr...@yahoo.com>.
you can use a Remote Host or Address Filter for webapp
B that only allows localhost or whatever server webapp
A runs on:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html
something like this:
<Context of webapp B>
<Valve
className="org.apache.catalina.valves.RemoteAddrValve"
allow="<ip of webapp A>" />
</Context>
-Lou
--- Jason Novotny <no...@aei.mpg.de> wrote:
>
> Hi Jim,
>
> Thanks-- I just looked at using a filter as a
> solution, but there
> seems to be a problem. I want the servlet in webapp
> A to be able to
> dispatch to B but not a user. The problem is the
> filter will block all
> requests including the dispatch from A. I need a way
> to somehow ensure
> that A can invoke servlet B in web app B but not a
> user navigating
> directly... any ideas are greatly appreciated.
> Actually one question would be how to create a
> filter that allows
> incoming requests from that same machine but not
> IP's outside of it I guess?
>
> Thanks, Jason
>
>
> Jim Henderson wrote:
>
> >Take a look at yesterdays (6/23 5:02 PM) posting
> "Blocking urls". That
> >should help.
> >
> >-----Original Message-----
> >From: Jason Novotny [mailto:novotny@aei.mpg.de]
> >Sent: Thursday, June 23, 2005 10:13 PM
> >To: tomcat-user@jakarta.apache.org
> >Subject: how do i restrict servlet access?
> >
> >
> >
> >Hi,
> >
> > I have a webapp A that uses cross-context to
> dispatch requests to
> >webapp B. However, I want users to have to go thru
> webapp A and the
> >mapping I set in web.xml. How do I restrict access
> so only webapp A can
> >invoke B's servlet but B should be inaccessible to
> users navigation. Is
> >there something I can set in the web.xml of B or
> would I need to modify
> >server.xml as a site wide configuration?
> >
> > Thanks, Jason
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: how do i restrict servlet access? / blocking URLs
Posted by Jim Henderson <jg...@metafile.com>.
Sorry, I am no expert. I felt lucky to get the URL blocking solved. I
don't have experience for what your doing. I just thought it might lead to
something and could be adapted to your needs.
Good luck....
-----Original Message-----
From: Jason Novotny [mailto:novotny@aei.mpg.de]
Sent: Friday, June 24, 2005 1:32 PM
To: Tomcat Users List
Cc: novotny@aei.mpg.de
Subject: Re: how do i restrict servlet access? / blocking URLs
Hi Jim,
Thanks-- I just looked at using a filter as a solution, but there
seems to be a problem. I want the servlet in webapp A to be able to
dispatch to B but not a user. The problem is the filter will block all
requests including the dispatch from A. I need a way to somehow ensure
that A can invoke servlet B in web app B but not a user navigating
directly... any ideas are greatly appreciated.
Actually one question would be how to create a filter that allows
incoming requests from that same machine but not IP's outside of it I guess?
Thanks, Jason
Jim Henderson wrote:
>Take a look at yesterdays (6/23 5:02 PM) posting "Blocking urls". That
>should help.
>
>-----Original Message-----
>From: Jason Novotny [mailto:novotny@aei.mpg.de]
>Sent: Thursday, June 23, 2005 10:13 PM
>To: tomcat-user@jakarta.apache.org
>Subject: how do i restrict servlet access?
>
>
>
>Hi,
>
> I have a webapp A that uses cross-context to dispatch requests to
>webapp B. However, I want users to have to go thru webapp A and the
>mapping I set in web.xml. How do I restrict access so only webapp A can
>invoke B's servlet but B should be inaccessible to users navigation. Is
>there something I can set in the web.xml of B or would I need to modify
>server.xml as a site wide configuration?
>
> Thanks, Jason
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: how do i restrict servlet access? / blocking URLs
Posted by Jason Novotny <no...@aei.mpg.de>.
Hi Jim,
Thanks-- I just looked at using a filter as a solution, but there
seems to be a problem. I want the servlet in webapp A to be able to
dispatch to B but not a user. The problem is the filter will block all
requests including the dispatch from A. I need a way to somehow ensure
that A can invoke servlet B in web app B but not a user navigating
directly... any ideas are greatly appreciated.
Actually one question would be how to create a filter that allows
incoming requests from that same machine but not IP's outside of it I guess?
Thanks, Jason
Jim Henderson wrote:
>Take a look at yesterdays (6/23 5:02 PM) posting "Blocking urls". That
>should help.
>
>-----Original Message-----
>From: Jason Novotny [mailto:novotny@aei.mpg.de]
>Sent: Thursday, June 23, 2005 10:13 PM
>To: tomcat-user@jakarta.apache.org
>Subject: how do i restrict servlet access?
>
>
>
>Hi,
>
> I have a webapp A that uses cross-context to dispatch requests to
>webapp B. However, I want users to have to go thru webapp A and the
>mapping I set in web.xml. How do I restrict access so only webapp A can
>invoke B's servlet but B should be inaccessible to users navigation. Is
>there something I can set in the web.xml of B or would I need to modify
>server.xml as a site wide configuration?
>
> Thanks, Jason
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: how do i restrict servlet access?
Posted by Jim Henderson <jg...@metafile.com>.
Take a look at yesterdays (6/23 5:02 PM) posting "Blocking urls". That
should help.
-----Original Message-----
From: Jason Novotny [mailto:novotny@aei.mpg.de]
Sent: Thursday, June 23, 2005 10:13 PM
To: tomcat-user@jakarta.apache.org
Subject: how do i restrict servlet access?
Hi,
I have a webapp A that uses cross-context to dispatch requests to
webapp B. However, I want users to have to go thru webapp A and the
mapping I set in web.xml. How do I restrict access so only webapp A can
invoke B's servlet but B should be inaccessible to users navigation. Is
there something I can set in the web.xml of B or would I need to modify
server.xml as a site wide configuration?
Thanks, Jason
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org