Posted to users@tomee.apache.org by Alex The Rocker <al...@gmail.com> on 2012/09/16 17:16:42 UTC

Can webapps/tomee directory be deleted for a production environment?

Hello,

Can the webapps/tomee directory be deleted when deploying a web app to a
production TomEE/TomEE+ server that is exposed to the Internet?
Indeed, when delivering our app with Tomcat, we delete all default web apps
as part of a Tomcat hardening task list.

Is there any vital TomEE/TomEE+ content in the webapps/tomee directory?

If the answer is yes, then it means that we cannot just remove
webapps/tomee, so then is there a way to make this web app inaccessible to
all network adapters in order to prevent its use by attackers?

Alex.

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Alex The Rocker <al...@gmail.com>.
Done : https://issues.apache.org/jira/browse/TOMEE-423



On Thu, Sep 20, 2012 at 10:21 PM, Jean-Louis MONTEIRO <je...@gmail.com> wrote:

> Amazing, we had that discussion at my company as well, where we have a lot
> of instances.
> Yes, that'd be awesome if you could file a JIRA for that.
>
> Jean-Louis

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Romain Manni-Bucau <rm...@gmail.com>.
The question is which security for ejbd?
On 20 Sept. 2012 at 22:22, "Jean-Louis MONTEIRO" <je...@gmail.com> wrote:

> Amazing, we had that discussion at my company as well, where we have a lot
> of instances.
> Yes, that'd be awesome if you could file a JIRA for that.
>
> Jean-Louis

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
Amazing, we had that discussion at my company as well, where we have a lot
of instances.
Yes, that'd be awesome if you could file a JIRA for that.

Jean-Louis

2012/9/20 Alex The Rocker <al...@gmail.com>

> Romain:
>
> It would be great to move TomEE's transport out of the tomee management UI
> web app, as you suggest.
>
> Should I create a JIRA to track this feature request ?
>
> Alex
>
> PS: I'm definitely paranoid and want to remove management web app from
> production environment exposed to Internet (and maybe use secured JMX for
> remote management with strict iptable rules..)

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Yes open a jira please


*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
*LinkedIn: http://www.linkedin.com/pub/romain-manni-bucau/43/544/956*




2012/9/20 Alex The Rocker <al...@gmail.com>

> Romain:
>
> It would be great to move TomEE's transport out of the tomee management UI
> web app, as you suggest.
>
> Should I create a JIRA to track this feature request ?
>
> Alex
>
> PS: I'm definitely paranoid and want to remove management web app from
> production environment exposed to Internet (and maybe use secured JMX for
> remote management with strict iptable rules..)

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Alex The Rocker <al...@gmail.com>.
Romain:

It would be great to move TomEE's transport out of the tomee management UI
web app, as you suggest.

Should I create a JIRA to track this feature request ?

Alex

PS: I'm definitely paranoid and want to remove management web app from
production environment exposed to Internet (and maybe use secured JMX for
remote management with strict iptable rules..)

On Sun, Sep 16, 2012 at 10:59 PM, Romain Manni-Bucau
<rm...@gmail.com> wrote:

> I don't think so (or it is not known today).
>
> I personally would like to keep it a GUI + transport webapp.
>
> I wonder if we shouldn't move the transport part, BTW. We could do it
> programmatically and totally skip the webapp (something to think about
> after next release).
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau*
> *Blog: http://rmannibucau.wordpress.com*

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Romain Manni-Bucau <rm...@gmail.com>.
I don't think so (or it is not known today).

I personally would like to keep it a GUI + transport webapp.

I wonder if we shouldn't move the transport part, BTW. We could do it
programmatically and totally skip the webapp (something to think about
after next release).

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/9/16 Alex The Rocker <al...@gmail.com>

> David:
>
> Thank you very much for your answer. Is the ability to remove webapps/tomee
> directory a durable one?
> Won't there be future "mandatory" features requiring this web app?
>
> Alex

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Alex The Rocker <al...@gmail.com>.
David:

Thank you very much for your answer. Is the ability to remove webapps/tomee
directory a durable one?
Won't there be future "mandatory" features requiring this web app?

Alex

On Sun, Sep 16, 2012 at 7:29 PM, David Blevins <da...@gmail.com> wrote:

>
> On Sep 16, 2012, at 8:16 AM, Alex The Rocker wrote:
>
> > Hello,
> >
> > Can the webapps/tomee directory be deleted when deploying a web app to a
> > production TomEE/TomEE+ server that is exposed to the Internet?
> > Indeed, when delivering our app with Tomcat, we delete all default web
> > apps as part of a Tomcat hardening task list.
> >
> > Is there any vital TomEE/TomEE+ content in the webapps/tomee directory?
>
> The only loss of functionality would be the ability to remotely execute
> EJBs over HTTP.  However this can easily be added to a different webapp
> like so:
>
>     <servlet>
>       <servlet-name>ServerServlet</servlet-name>
>       <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
>     </servlet>
>
>     <servlet-mapping>
>       <servlet-name>ServerServlet</servlet-name>
>       <url-pattern>/myejbs/*</url-pattern>
>     </servlet-mapping>
>
>
> Then you can create an `InitialContext` that points to that webapp like so:
>
>     Properties p = new Properties();
>     p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
>     p.put("java.naming.provider.url", "http://127.0.0.1:8080/mywebapp/myejbs");
>     // user and pass optional
>     p.put("java.naming.security.principal", "myuser");
>     p.put("java.naming.security.credentials", "mypass");
>
>     InitialContext ctx = new InitialContext(p);
>
>     MyBean myBean = (MyBean) ctx.lookup("MyBeanRemote");
>
>
> -David

Re: Can webapps/tomee directory be deleted for a production environment?

Posted by David Blevins <da...@gmail.com>.
On Sep 16, 2012, at 8:16 AM, Alex The Rocker wrote:

> Hello,
> 
> Can the webapps/tomee directory be deleted when deploying a web app to a
> production TomEE/TomEE+ server that is exposed to the Internet?
> Indeed, when delivering our app with Tomcat, we delete all default web apps
> as part of a Tomcat hardening task list.
> 
> Is there any vital TomEE/TomEE+ content in the webapps/tomee directory?

The only loss of functionality would be the ability to remotely execute EJBs over HTTP.  However this can easily be added to a different webapp like so:

    <servlet>
      <servlet-name>ServerServlet</servlet-name>
      <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
    </servlet>
  
    <servlet-mapping>
      <servlet-name>ServerServlet</servlet-name>
      <url-pattern>/myejbs/*</url-pattern>
    </servlet-mapping>

  
Then you can create an `InitialContext` that points to that webapp like so:

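    import java.util.Properties;
    import javax.naming.InitialContext;

    // Client-side JNDI settings: use the OpenEJB remote factory and point it
    // at the URL where ServerServlet is mapped in the webapp above.
    Properties p = new Properties();
    p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
    p.put("java.naming.provider.url", "http://127.0.0.1:8080/mywebapp/myejbs");
    // user and pass optional
    p.put("java.naming.security.principal", "myuser");
    p.put("java.naming.security.credentials", "mypass");

    InitialContext ctx = new InitialContext(p);

    // Look up the bean's remote interface by its JNDI name.
    MyBean myBean = (MyBean) ctx.lookup("MyBeanRemote");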


-David



Re: Can webapps/tomee directory be deleted for a production environment?

Posted by Fernando Lozano <fe...@lozano.eti.br>.
Alex,


You could use the Tomcat RemoteAddrValve to restrict this app to only 
the localhost.

I personally like to have some apps (like the manager interface and the 
jmx-proxy) available only to sysadmins, using either the above valve or 
OS firewall rules (such as Linux iptables).

Of course I'd also change those apps' config to use SSL (sometimes
enforcing client certificates) and user authentication (preferably from
an LDAP directory such as OpenLDAP). Defense in depth is always nice to
have, and with this I can provide remote support (preferably through
OpenVPN or an SSH tunnel) with a certain level of confidence my app
servers are not open to hackers.


[]s, Fernando Lozano

> Hello,
>
> Can the webapps/tomee directory be deleted when deploying a web app to a
> production TomEE/TomEE+ server that is exposed to the Internet?
> Indeed, when delivering our app with Tomcat, we delete all default web apps
> as part of a Tomcat hardening task list.
>
> Is there any vital TomEE/TomEE+ content in the webapps/tomee directory?
>
> If the answer is yes, then it means that we cannot just remove
> webapps/tomee, so then is there a way to make this web app inaccessible to
> all network adapters in order to prevent its use by attackers?
>
> Alex.
>
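
Added example, not part of the thread or of TomEE: a small audit for the two hardening options discussed above (deleting default web apps, or restricting them to localhost with RemoteAddrValve). It reports which deployed apps have a context-level RemoteAddrValve that only admits loopback. Assumptions: the default `conf/Catalina/localhost` engine/host directory, the `DEFAULT_APPS` list, a constructed sample layout, and Python's `re.fullmatch` as an approximation of Tomcat's address matching.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Default apps a hardening pass reviews first (assumed list, adjust per distribution).
DEFAULT_APPS = {"ROOT", "docs", "examples", "manager", "host-manager", "tomee"}
VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"
# Constructed probe addresses for the heuristic in loopback_only().
LOOPBACK_PROBE = "127.0.0.1"
REMOTE_PROBES = ("10.0.0.5", "192.168.1.20", "203.0.113.7")


def allow_patterns(descriptor: Path) -> list:
    """Return the allow= regex of every RemoteAddrValve in a context descriptor."""
    root = ET.parse(descriptor).getroot()
    return [v.get("allow", "") for v in root.iter("Valve")
            if v.get("className") == VALVE_CLASS]


def loopback_only(pattern: str) -> bool:
    """Heuristic: the regex must accept 127.0.0.1 and reject every remote probe."""
    try:
        rx = re.compile(pattern)
    except re.error:
        return False
    return bool(rx.fullmatch(LOOPBACK_PROBE)) and not any(
        rx.fullmatch(ip) for ip in REMOTE_PROBES)


def audit(catalina_base: Path, host_dir: str = "conf/Catalina/localhost") -> dict:
    """Map each deployed app to 'restricted' or 'exposed'.
    Only context-level valves are read; valves in server.xml are not inspected."""
    report = {}
    for entry in sorted((catalina_base / "webapps").iterdir()):
        app = entry.stem if entry.suffix == ".war" else entry.name
        if app in report:  # unpacked directory already handled, skip its .war
            continue
        # A descriptor under conf/ takes precedence over META-INF/context.xml.
        candidates = [catalina_base / host_dir / f"{app}.xml",
                      entry / "META-INF" / "context.xml"]
        descriptor = next((c for c in candidates if c.is_file()), None)
        patterns = allow_patterns(descriptor) if descriptor else []
        report[app] = "restricted" if any(map(loopback_only, patterns)) else "exposed"
    return report


def default_apps_exposed(report: dict) -> list:
    """Default apps that are still deployed and not limited to loopback."""
    return [a for a, s in report.items() if a in DEFAULT_APPS and s == "exposed"]


def build_sample_base(base: Path) -> Path:
    """Constructed CATALINA_BASE for the demo: tomee is restricted, manager is not."""
    valve = ('<Context><Valve className="%s" '
             'allow="127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1"/></Context>'
             % VALVE_CLASS)
    for app in ("tomee", "manager", "mywebapp"):
        (base / "webapps" / app / "META-INF").mkdir(parents=True)
    (base / "webapps" / "tomee" / "META-INF" / "context.xml").write_text(valve)
    (base / "webapps" / "manager" / "META-INF" / "context.xml").write_text("<Context/>")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = audit(build_sample_base(Path(tmp)))
        for name, status in result.items():
            print(f"{name:10} {status}")
        print("default apps still exposed:", default_apps_exposed(result))
```

Point `audit()` at a real `CATALINA_BASE` to run it against an installation; an app reported as restricted here can still be reachable if the descriptor that Tomcat actually loads differs from the one on disk, so confirm with a request from a non-loopback address.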