You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by Ravindranath Akila <ra...@gmail.com> on 2011/10/20 11:19:44 UTC
Preventing Access To /openejb
Is there a very secure way I can prevent access to or disable /openejb
application?
Thanks in Advance :)
Akila...
Re: Preventing Access To /openejb
Posted by Romain Manni-Bucau <rm...@gmail.com>.
@Jon: +1 for the java -jar app.war
- Romain
2011/10/20 Jonathan Gallimore <jo...@gmail.com>
> You beat me to it, I was going to make the same suggestion. Are you using
> our tomee-embedded module or are you hooking OpenEJB up to an Embedded
> Tomcat in some other way? If you're hooking things up yourself, if you can
> post a bit of code showing what you're doing that would be a big help.
>
> Let us know if adding the context.xml doesn't work, we'll try and work
> something out for you.
>
> As for migrating to TomEE from how you're running at the moment - I guess
> that depends on your requirements. If you're not using our tomee-embedded
> module, it might be worth checking out. I've been playing around with
> adding
> that to a .war so you can execute a the war using TomEE just be doing a
> java
> -jar myapp.war, kind of like how the jenkins (http://jenkins-ci.org/) war
> file works. I should have that going tonight - I can definitely post that
> up
> here if you're interested.
>
> Jon
>
> On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> <rm...@gmail.com>wrote:
>
> > i think if you start tomee-embedded and add to classpath the context.xml
> > file it should work, can you give it a try?
> >
> > - Romain
> >
> >
> > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >
> > > We're using Tomcat Embedded mode. I don't find that file in the given
> > > directory.
> > >
> > > in CATALIBA_BASE/conf:
> > >
> > > Catalina catalina.policy catalina.properties context.xml
> > > logging.properties openejb.xml server.xml server.xml.original
> > > tomcat-users.xml web.xml
> > >
> > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > >
> > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> > > org.apache.openejb.tomcat
> > >
> > > are the files which I find.
> > >
> > > Do you think it is wise to port to TomEE ?
> > >
> > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > > jonathan.gallimore@gmail.com> wrote:
> > >
> > > > I think we restrict access by ip address to localhost by default.
> Check
> > > out
> > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you can
> > edit
> > > > that to meet your needs.
> > > >
> > > > By default the config in that file is:
> > > >
> > > > <Context>
> > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> > > > </Context>
> > > >
> > > > There might be other valve you could add that might do what you want.
> > > >
> > > > Alternatively if you're using a HTTP server in front of Tomcat/TomEE
> > you
> > > > could use some URL rewriting to prevent access to the application.
> > > >
> > > > Let us know if that's no good though, and we'll try and suggest
> > something
> > > > else.
> > > >
> > > > Jon
> > > >
> > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > > > ravindranathakila@gmail.com> wrote:
> > > >
> > > > > Is there a very secure way I can prevent access to or disable
> > /openejb
> > > > > application?
> > > > >
> > > > > Thanks in Advance :)
> > > > >
> > > > > Akila...
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Thanks!
> > > Akila...
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Romain Manni-Bucau <rm...@gmail.com>.
you're welcome
- Romain
2011/10/20 Ravindranath Akila <ra...@gmail.com>
> Hmmm true. Initially when installing I would've gone to /openejb and
> noticed
> the 403 warning. That does not mean my app cannot access it. I would've
> assumed if I cannot access it through the web, it won't work.
>
> So best approach is after running the initial openejb tests at /openejb,
> put
> back the context.
>
> I'm glad you explained it. I'll put back the context.xml.
>
> Thanks a lot!
> On Oct 21, 2011 1:17 AM, "Romain Manni-Bucau" <rm...@gmail.com>
> wrote:
>
> > no, keep it in openejb webapp, not in your webppa and it should do the
> > trick
> >
> > - Romain
> >
> >
> > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >
> > > Since I deleted the context, right?
> > > On Oct 20, 2011 11:23 PM, "Romain Manni-Bucau" <rm...@gmail.com>
> > > wrote:
> > >
> > > > you modified the webapp but the context.xml is webapp relative so it
> > > should
> > > > prevent openejb to be accessed but not your webapp
> > > >
> > > > - Romain
> > > >
> > > >
> > > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > > >
> > > > > Correction:
> > > > > *So I did this for now in Tomcat:*
> > > > >
> > > > > <?xml version='1.0' encoding='utf-8'?>
> > > > > <tomcat-users>
> > > > > <role rolename="sample_role"/>
> > > > > <user username="something" password="something"
> > roles="sample_role"/>
> > > > > </tomcat-users>
> > > > >
> > > > > *and in the web.xml of openejb:*
> > > > >
> > > > > <!-- Define a Security Constraint on this Application -->
> > > > > <security-constraint>
> > > > > <web-resource-collection>
> > > > > <web-resource-name>OpenEJB Application</web-resource-name>
> > > > > <url-pattern>/*</url-pattern>
> > > > > </web-resource-collection>
> > > > > <auth-constraint>
> > > > > <role-name>sample_role</role-name>
> > > > > </auth-constraint>
> > > > > </security-constraint>
> > > > >
> > > > > <!-- Define the Login Configuration for this Application -->
> > > > > <login-config>
> > > > > <auth-method>BASIC</auth-method>
> > > > > <realm-name>Application</realm-name>
> > > > > </login-config>
> > > > >
> > > > > <!-- Security roles referenced by this web application -->
> > > > > <security-role>
> > > > > <description>
> > > > > The role that is required to log in to the OpenEJB Application
> > > > > </description>
> > > > > <role-name>sample_role</role-name>
> > > > > </security-role>
> > > > >
> > > > >
> > > > > On Thu, Oct 20, 2011 at 11:18 PM, Ravindranath Akila <
> > > > > ravindranathakila@gmail.com> wrote:
> > > > >
> > > > > > Depending how I look at it, it seems we are doing something a bit
> > > odd.
> > > > > Our
> > > > > > webapp and EJB container(openejb) are the same Tomcat. Hence
> > > > remote(web)
> > > > > > access is required by the web application deployed as ROOT in the
> > > > webapps
> > > > > > directory of Tomcat.
> > > > > >
> > > > > > *So I did this for now in Tomcat:*
> > > > > >
> > > > > > <?xml version='1.0' encoding='utf-8'?>
> > > > > > <tomcat-users>
> > > > > > <role rolename="sample_role"/>
> > > > > > <user username="something" password="something"
> > > roles="sample_role"/>
> > > > > > </tomcat-users>
> > > > > >
> > > > > > *and in the web.xml of openejb:*
> > > > > >
> > > > > > <!-- Define a Security Constraint on this Application -->
> > > > > > <security-constraint>
> > > > > > <web-resource-collection>
> > > > > > <web-resource-name>OpenEJB Application</web-resource-name>
> > > > > > <url-pattern>/*</url-pattern>
> > > > > > </web-resource-collection>
> > > > > > <auth-constraint>
> > > > > > <role-name>ilp</role-name>
> > > > > > </auth-constraint>
> > > > > > </security-constraint>
> > > > > >
> > > > > > <!-- Define the Login Configuration for this Application -->
> > > > > > <login-config>
> > > > > > <auth-method>BASIC</auth-method>
> > > > > > <realm-name>Application</realm-name>
> > > > > > </login-config>
> > > > > >
> > > > > > <!-- Security roles referenced by this web application -->
> > > > > > <security-role>
> > > > > > <description>
> > > > > > The role that is required to log in to the OpenEJB
> > Application
> > > > > > </description>
> > > > > > <role-name>sample_role</role-name>
> > > > > > </security-role>
> > > > > >
> > > > > >
> > > > > > But I'm not sure if preventing in this manner is secure.
> > > > > >
> > > > > >
> > > > > > On Thu, Oct 20, 2011 at 11:08 PM, Romain Manni-Bucau <
> > > > > > rmannibucau@gmail.com> wrote:
> > > > > >
> > > > > >> hmm
> > > > > >>
> > > > > >> the openejb context.xml prevent the remote access to openejb
> > webapp
> > > > (for
> > > > > >> security reasons).
> > > > > >>
> > > > > >> if you want security you should keep it and remote accesses will
> > > > return
> > > > > >> 403..
> > > > > >>
> > > > > >> i'm not sure i get the problem
> > > > > >>
> > > > > >> - Romain
> > > > > >>
> > > > > >>
> > > > > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > > > > >>
> > > > > >> > As I guessed, the official documentation on resolving the HTTP
> > > > Status
> > > > > >> 403
> > > > > >> > says to delete it(http://openejb.apache.org/tomcat.html). Is
> > > there
> > > > a
> > > > > >> way
> > > > > >> > of
> > > > > >> > adding context.xml without getting 403?
> > > > > >> >
> > > > > >> > Thanks a lot for helping me out!
> > > > > >> > On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
> > > > > >> > ravindranathakila@gmail.com>
> > > > > >> > wrote:
> > > > > >> >
> > > > > >> > > You are right. It's on my local instance but not on the
> tomcat
> > > > > >> instance
> > > > > >> > on
> > > > > >> > > the server. I'm checking why!
> > > > > >> > > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <
> > > > > rmannibucau@gmail.com>
> > > > > >> > > wrote:
> > > > > >> > >
> > > > > >> > >> well META-INF/context.xml should work and should already be
> > in
> > > > > >> > >> openejb.war.
> > > > > >> > >>
> > > > > >> > >> - Romain
> > > > > >> > >>
> > > > > >> > >>
> > > > > >> > >> 2011/10/20 Ravindranath Akila <ravindranathakila@gmail.com
> >
> > > > > >> > >>
> > > > > >> > >> > We use openejb.war by putting it in the Tomcat webapp
> > folder
> > > -
> > > > > >> Tomcat
> > > > > >> > >> being
> > > > > >> > >> > an original fetched from Apache.
> > > > > >> > >> >
> > > > > >> > >> > I'm worried to go for TomEE since we've gone production.
> > I'll
> > > > try
> > > > > >> what
> > > > > >> > >> you
> > > > > >> > >> > suggest and let you know how it goes.
> > > > > >> > >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> > > > > >> > >> > jonathan.gallimore@gmail.com>
> > > > > >> > >> > wrote:
> > > > > >> > >> >
> > > > > >> > >> > > You beat me to it, I was going to make the same
> > suggestion.
> > > > Are
> > > > > >> you
> > > > > >> > >> using
> > > > > >> > >> > > our tomee-embedded module or are you hooking OpenEJB up
> > to
> > > an
> > > > > >> > Embedded
> > > > > >> > >> > > Tomcat in some other way? If you're hooking things up
> > > > yourself,
> > > > > >> if
> > > > > >> > you
> > > > > >> > >> > can
> > > > > >> > >> > > post a bit of code showing what you're doing that would
> > be
> > > a
> > > > > big
> > > > > >> > help.
> > > > > >> > >> > >
> > > > > >> > >> > > Let us know if adding the context.xml doesn't work,
> we'll
> > > try
> > > > > and
> > > > > >> > work
> > > > > >> > >> > > something out for you.
> > > > > >> > >> > >
> > > > > >> > >> > > As for migrating to TomEE from how you're running at
> the
> > > > moment
> > > > > -
> > > > > >> I
> > > > > >> > >> guess
> > > > > >> > >> > > that depends on your requirements. If you're not using
> > our
> > > > > >> > >> tomee-embedded
> > > > > >> > >> > > module, it might be worth checking out. I've been
> playing
> > > > > around
> > > > > >> > with
> > > > > >> > >> > > adding
> > > > > >> > >> > > that to a .war so you can execute a the war using TomEE
> > > just
> > > > be
> > > > > >> > doing
> > > > > >> > >> a
> > > > > >> > >> > > java
> > > > > >> > >> > > -jar myapp.war, kind of like how the jenkins (
> > > > > >> > http://jenkins-ci.org/)
> > > > > >> > >> > war
> > > > > >> > >> > > file works. I should have that going tonight - I can
> > > > definitely
> > > > > >> post
> > > > > >> > >> that
> > > > > >> > >> > > up
> > > > > >> > >> > > here if you're interested.
> > > > > >> > >> > >
> > > > > >> > >> > > Jon
> > > > > >> > >> > >
> > > > > >> > >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> > > > > >> > >> > > <rm...@gmail.com>wrote:
> > > > > >> > >> > >
> > > > > >> > >> > > > i think if you start tomee-embedded and add to
> > classpath
> > > > the
> > > > > >> > >> > context.xml
> > > > > >> > >> > > > file it should work, can you give it a try?
> > > > > >> > >> > > >
> > > > > >> > >> > > > - Romain
> > > > > >> > >> > > >
> > > > > >> > >> > > >
> > > > > >> > >> > > > 2011/10/20 Ravindranath Akila <
> > > ravindranathakila@gmail.com
> > > > >
> > > > > >> > >> > > >
> > > > > >> > >> > > > > We're using Tomcat Embedded mode. I don't find that
> > > file
> > > > in
> > > > > >> the
> > > > > >> > >> given
> > > > > >> > >> > > > > directory.
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > in CATALIBA_BASE/conf:
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > Catalina catalina.policy catalina.properties
> > > > context.xml
> > > > > >> > >> > > > > logging.properties openejb.xml server.xml
> > > > > >> > server.xml.original
> > > > > >> > >> > > > > tomcat-users.xml web.xml
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt
> > > > > dependencies.xml
> > > > > >> > >> > > > > org.apache.openejb.tomcat
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > are the files which I find.
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > Do you think it is wise to port to TomEE ?
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore
> <
> > > > > >> > >> > > > > jonathan.gallimore@gmail.com> wrote:
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > > I think we restrict access by ip address to
> > localhost
> > > > by
> > > > > >> > >> default.
> > > > > >> > >> > > Check
> > > > > >> > >> > > > > out
> > > > > >> > >> > > > > >
> $CATALINA_BASE/webapps/openejb/META-INF/context.xml
> > -
> > > > > maybe
> > > > > >> > you
> > > > > >> > >> can
> > > > > >> > >> > > > edit
> > > > > >> > >> > > > > > that to meet your needs.
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > By default the config in that file is:
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > <Context>
> > > > > >> > >> > > > > > <Valve
> > > > > >> className="org.apache.catalina.valves.RemoteAddrValve"
> > > > > >> > >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$"
> > > > > deny=""/>
> > > > > >> > >> > > > > > </Context>
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > There might be other valve you could add that
> might
> > > do
> > > > > what
> > > > > >> > you
> > > > > >> > >> > want.
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > Alternatively if you're using a HTTP server in
> > front
> > > of
> > > > > >> > >> > Tomcat/TomEE
> > > > > >> > >> > > > you
> > > > > >> > >> > > > > > could use some URL rewriting to prevent access to
> > the
> > > > > >> > >> application.
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > Let us know if that's no good though, and we'll
> try
> > > and
> > > > > >> > suggest
> > > > > >> > >> > > > something
> > > > > >> > >> > > > > > else.
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > Jon
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath
> > Akila
> > > <
> > > > > >> > >> > > > > > ravindranathakila@gmail.com> wrote:
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > > > > Is there a very secure way I can prevent access
> > to
> > > or
> > > > > >> > disable
> > > > > >> > >> > > > /openejb
> > > > > >> > >> > > > > > > application?
> > > > > >> > >> > > > > > >
> > > > > >> > >> > > > > > > Thanks in Advance :)
> > > > > >> > >> > > > > > >
> > > > > >> > >> > > > > > > Akila...
> > > > > >> > >> > > > > > >
> > > > > >> > >> > > > > >
> > > > > >> > >> > > > >
> > > > > >> > >> > > > >
> > > > > >> > >> > > > >
> > > > > >> > >> > > > > --
> > > > > >> > >> > > > > Thanks!
> > > > > >> > >> > > > > Akila...
> > > > > >> > >> > > > >
> > > > > >> > >> > > >
> > > > > >> > >> > >
> > > > > >> > >> >
> > > > > >> > >>
> > > > > >> > >
> > > > > >> >
> > > > > >>
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Cheers!
> > > > > Akila...
> > > > >
> > > >
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
Hmmm true. Initially when installing I would've gone to /openejb and noticed
the 403 warning. That does not mean my app cannot access it. I would've
assumed if I cannot access it through the web, it won't work.
So best approach is after running the initial openejb tests at /openejb, put
back the context.
I'm glad you explained it. I'll put back the context.xml.
Thanks a lot!
On Oct 21, 2011 1:17 AM, "Romain Manni-Bucau" <rm...@gmail.com> wrote:
> no, keep it in openejb webapp, not in your webppa and it should do the
> trick
>
> - Romain
>
>
> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>
> > Since I deleted the context, right?
> > On Oct 20, 2011 11:23 PM, "Romain Manni-Bucau" <rm...@gmail.com>
> > wrote:
> >
> > > you modified the webapp but the context.xml is webapp relative so it
> > should
> > > prevent openejb to be accessed but not your webapp
> > >
> > > - Romain
> > >
> > >
> > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > >
> > > > Correction:
> > > > *So I did this for now in Tomcat:*
> > > >
> > > > <?xml version='1.0' encoding='utf-8'?>
> > > > <tomcat-users>
> > > > <role rolename="sample_role"/>
> > > > <user username="something" password="something"
> roles="sample_role"/>
> > > > </tomcat-users>
> > > >
> > > > *and in the web.xml of openejb:*
> > > >
> > > > <!-- Define a Security Constraint on this Application -->
> > > > <security-constraint>
> > > > <web-resource-collection>
> > > > <web-resource-name>OpenEJB Application</web-resource-name>
> > > > <url-pattern>/*</url-pattern>
> > > > </web-resource-collection>
> > > > <auth-constraint>
> > > > <role-name>sample_role</role-name>
> > > > </auth-constraint>
> > > > </security-constraint>
> > > >
> > > > <!-- Define the Login Configuration for this Application -->
> > > > <login-config>
> > > > <auth-method>BASIC</auth-method>
> > > > <realm-name>Application</realm-name>
> > > > </login-config>
> > > >
> > > > <!-- Security roles referenced by this web application -->
> > > > <security-role>
> > > > <description>
> > > > The role that is required to log in to the OpenEJB Application
> > > > </description>
> > > > <role-name>sample_role</role-name>
> > > > </security-role>
> > > >
> > > >
> > > > On Thu, Oct 20, 2011 at 11:18 PM, Ravindranath Akila <
> > > > ravindranathakila@gmail.com> wrote:
> > > >
> > > > > Depending how I look at it, it seems we are doing something a bit
> > odd.
> > > > Our
> > > > > webapp and EJB container(openejb) are the same Tomcat. Hence
> > > remote(web)
> > > > > access is required by the web application deployed as ROOT in the
> > > webapps
> > > > > directory of Tomcat.
> > > > >
> > > > > *So I did this for now in Tomcat:*
> > > > >
> > > > > <?xml version='1.0' encoding='utf-8'?>
> > > > > <tomcat-users>
> > > > > <role rolename="sample_role"/>
> > > > > <user username="something" password="something"
> > roles="sample_role"/>
> > > > > </tomcat-users>
> > > > >
> > > > > *and in the web.xml of openejb:*
> > > > >
> > > > > <!-- Define a Security Constraint on this Application -->
> > > > > <security-constraint>
> > > > > <web-resource-collection>
> > > > > <web-resource-name>OpenEJB Application</web-resource-name>
> > > > > <url-pattern>/*</url-pattern>
> > > > > </web-resource-collection>
> > > > > <auth-constraint>
> > > > > <role-name>ilp</role-name>
> > > > > </auth-constraint>
> > > > > </security-constraint>
> > > > >
> > > > > <!-- Define the Login Configuration for this Application -->
> > > > > <login-config>
> > > > > <auth-method>BASIC</auth-method>
> > > > > <realm-name>Application</realm-name>
> > > > > </login-config>
> > > > >
> > > > > <!-- Security roles referenced by this web application -->
> > > > > <security-role>
> > > > > <description>
> > > > > The role that is required to log in to the OpenEJB
> Application
> > > > > </description>
> > > > > <role-name>sample_role</role-name>
> > > > > </security-role>
> > > > >
> > > > >
> > > > > But I'm not sure if preventing in this manner is secure.
> > > > >
> > > > >
> > > > > On Thu, Oct 20, 2011 at 11:08 PM, Romain Manni-Bucau <
> > > > > rmannibucau@gmail.com> wrote:
> > > > >
> > > > >> hmm
> > > > >>
> > > > >> the openejb context.xml prevent the remote access to openejb
> webapp
> > > (for
> > > > >> security reasons).
> > > > >>
> > > > >> if you want security you should keep it and remote accesses will
> > > return
> > > > >> 403..
> > > > >>
> > > > >> i'm not sure i get the problem
> > > > >>
> > > > >> - Romain
> > > > >>
> > > > >>
> > > > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > > > >>
> > > > >> > As I guessed, the official documentation on resolving the HTTP
> > > Status
> > > > >> 403
> > > > >> > says to delete it(http://openejb.apache.org/tomcat.html). Is
> > there
> > > a
> > > > >> way
> > > > >> > of
> > > > >> > adding context.xml without getting 403?
> > > > >> >
> > > > >> > Thanks a lot for helping me out!
> > > > >> > On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
> > > > >> > ravindranathakila@gmail.com>
> > > > >> > wrote:
> > > > >> >
> > > > >> > > You are right. It's on my local instance but not on the tomcat
> > > > >> instance
> > > > >> > on
> > > > >> > > the server. I'm checking why!
> > > > >> > > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <
> > > > rmannibucau@gmail.com>
> > > > >> > > wrote:
> > > > >> > >
> > > > >> > >> well META-INF/context.xml should work and should already be
> in
> > > > >> > >> openejb.war.
> > > > >> > >>
> > > > >> > >> - Romain
> > > > >> > >>
> > > > >> > >>
> > > > >> > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > > > >> > >>
> > > > >> > >> > We use openejb.war by putting it in the Tomcat webapp
> folder
> > -
> > > > >> Tomcat
> > > > >> > >> being
> > > > >> > >> > an original fetched from Apache.
> > > > >> > >> >
> > > > >> > >> > I'm worried to go for TomEE since we've gone production.
> I'll
> > > try
> > > > >> what
> > > > >> > >> you
> > > > >> > >> > suggest and let you know how it goes.
> > > > >> > >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> > > > >> > >> > jonathan.gallimore@gmail.com>
> > > > >> > >> > wrote:
> > > > >> > >> >
> > > > >> > >> > > You beat me to it, I was going to make the same
> suggestion.
> > > Are
> > > > >> you
> > > > >> > >> using
> > > > >> > >> > > our tomee-embedded module or are you hooking OpenEJB up
> to
> > an
> > > > >> > Embedded
> > > > >> > >> > > Tomcat in some other way? If you're hooking things up
> > > yourself,
> > > > >> if
> > > > >> > you
> > > > >> > >> > can
> > > > >> > >> > > post a bit of code showing what you're doing that would
> be
> > a
> > > > big
> > > > >> > help.
> > > > >> > >> > >
> > > > >> > >> > > Let us know if adding the context.xml doesn't work, we'll
> > try
> > > > and
> > > > >> > work
> > > > >> > >> > > something out for you.
> > > > >> > >> > >
> > > > >> > >> > > As for migrating to TomEE from how you're running at the
> > > moment
> > > > -
> > > > >> I
> > > > >> > >> guess
> > > > >> > >> > > that depends on your requirements. If you're not using
> our
> > > > >> > >> tomee-embedded
> > > > >> > >> > > module, it might be worth checking out. I've been playing
> > > > around
> > > > >> > with
> > > > >> > >> > > adding
> > > > >> > >> > > that to a .war so you can execute a the war using TomEE
> > just
> > > be
> > > > >> > doing
> > > > >> > >> a
> > > > >> > >> > > java
> > > > >> > >> > > -jar myapp.war, kind of like how the jenkins (
> > > > >> > http://jenkins-ci.org/)
> > > > >> > >> > war
> > > > >> > >> > > file works. I should have that going tonight - I can
> > > definitely
> > > > >> post
> > > > >> > >> that
> > > > >> > >> > > up
> > > > >> > >> > > here if you're interested.
> > > > >> > >> > >
> > > > >> > >> > > Jon
> > > > >> > >> > >
> > > > >> > >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> > > > >> > >> > > <rm...@gmail.com>wrote:
> > > > >> > >> > >
> > > > >> > >> > > > i think if you start tomee-embedded and add to
> classpath
> > > the
> > > > >> > >> > context.xml
> > > > >> > >> > > > file it should work, can you give it a try?
> > > > >> > >> > > >
> > > > >> > >> > > > - Romain
> > > > >> > >> > > >
> > > > >> > >> > > >
> > > > >> > >> > > > 2011/10/20 Ravindranath Akila <
> > ravindranathakila@gmail.com
> > > >
> > > > >> > >> > > >
> > > > >> > >> > > > > We're using Tomcat Embedded mode. I don't find that
> > file
> > > in
> > > > >> the
> > > > >> > >> given
> > > > >> > >> > > > > directory.
> > > > >> > >> > > > >
> > > > >> > >> > > > > in CATALIBA_BASE/conf:
> > > > >> > >> > > > >
> > > > >> > >> > > > > Catalina catalina.policy catalina.properties
> > > context.xml
> > > > >> > >> > > > > logging.properties openejb.xml server.xml
> > > > >> > server.xml.original
> > > > >> > >> > > > > tomcat-users.xml web.xml
> > > > >> > >> > > > >
> > > > >> > >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > > > >> > >> > > > >
> > > > >> > >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt
> > > > dependencies.xml
> > > > >> > >> > > > > org.apache.openejb.tomcat
> > > > >> > >> > > > >
> > > > >> > >> > > > > are the files which I find.
> > > > >> > >> > > > >
> > > > >> > >> > > > > Do you think it is wise to port to TomEE ?
> > > > >> > >> > > > >
> > > > >> > >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > > > >> > >> > > > > jonathan.gallimore@gmail.com> wrote:
> > > > >> > >> > > > >
> > > > >> > >> > > > > > I think we restrict access by ip address to
> localhost
> > > by
> > > > >> > >> default.
> > > > >> > >> > > Check
> > > > >> > >> > > > > out
> > > > >> > >> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml
> -
> > > > maybe
> > > > >> > you
> > > > >> > >> can
> > > > >> > >> > > > edit
> > > > >> > >> > > > > > that to meet your needs.
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > By default the config in that file is:
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > <Context>
> > > > >> > >> > > > > > <Valve
> > > > >> className="org.apache.catalina.valves.RemoteAddrValve"
> > > > >> > >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$"
> > > > deny=""/>
> > > > >> > >> > > > > > </Context>
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > There might be other valve you could add that might
> > do
> > > > what
> > > > >> > you
> > > > >> > >> > want.
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > Alternatively if you're using a HTTP server in
> front
> > of
> > > > >> > >> > Tomcat/TomEE
> > > > >> > >> > > > you
> > > > >> > >> > > > > > could use some URL rewriting to prevent access to
> the
> > > > >> > >> application.
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > Let us know if that's no good though, and we'll try
> > and
> > > > >> > suggest
> > > > >> > >> > > > something
> > > > >> > >> > > > > > else.
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > Jon
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath
> Akila
> > <
> > > > >> > >> > > > > > ravindranathakila@gmail.com> wrote:
> > > > >> > >> > > > > >
> > > > >> > >> > > > > > > Is there a very secure way I can prevent access
> to
> > or
> > > > >> > disable
> > > > >> > >> > > > /openejb
> > > > >> > >> > > > > > > application?
> > > > >> > >> > > > > > >
> > > > >> > >> > > > > > > Thanks in Advance :)
> > > > >> > >> > > > > > >
> > > > >> > >> > > > > > > Akila...
> > > > >> > >> > > > > > >
> > > > >> > >> > > > > >
> > > > >> > >> > > > >
> > > > >> > >> > > > >
> > > > >> > >> > > > >
> > > > >> > >> > > > > --
> > > > >> > >> > > > > Thanks!
> > > > >> > >> > > > > Akila...
> > > > >> > >> > > > >
> > > > >> > >> > > >
> > > > >> > >> > >
> > > > >> > >> >
> > > > >> > >>
> > > > >> > >
> > > > >> >
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Cheers!
> > > > Akila...
> > > >
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Romain Manni-Bucau <rm...@gmail.com>.
no, keep it in openejb webapp, not in your webppa and it should do the trick
- Romain
2011/10/20 Ravindranath Akila <ra...@gmail.com>
> Since I deleted the context, right?
> On Oct 20, 2011 11:23 PM, "Romain Manni-Bucau" <rm...@gmail.com>
> wrote:
>
> > you modified the webapp but the context.xml is webapp relative so it
> should
> > prevent openejb to be accessed but not your webapp
> >
> > - Romain
> >
> >
> > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >
> > > Correction:
> > > *So I did this for now in Tomcat:*
> > >
> > > <?xml version='1.0' encoding='utf-8'?>
> > > <tomcat-users>
> > > <role rolename="sample_role"/>
> > > <user username="something" password="something" roles="sample_role"/>
> > > </tomcat-users>
> > >
> > > *and in the web.xml of openejb:*
> > >
> > > <!-- Define a Security Constraint on this Application -->
> > > <security-constraint>
> > > <web-resource-collection>
> > > <web-resource-name>OpenEJB Application</web-resource-name>
> > > <url-pattern>/*</url-pattern>
> > > </web-resource-collection>
> > > <auth-constraint>
> > > <role-name>sample_role</role-name>
> > > </auth-constraint>
> > > </security-constraint>
> > >
> > > <!-- Define the Login Configuration for this Application -->
> > > <login-config>
> > > <auth-method>BASIC</auth-method>
> > > <realm-name>Application</realm-name>
> > > </login-config>
> > >
> > > <!-- Security roles referenced by this web application -->
> > > <security-role>
> > > <description>
> > > The role that is required to log in to the OpenEJB Application
> > > </description>
> > > <role-name>sample_role</role-name>
> > > </security-role>
> > >
> > >
> > > On Thu, Oct 20, 2011 at 11:18 PM, Ravindranath Akila <
> > > ravindranathakila@gmail.com> wrote:
> > >
> > > > Depending how I look at it, it seems we are doing something a bit
> odd.
> > > Our
> > > > webapp and EJB container(openejb) are the same Tomcat. Hence
> > remote(web)
> > > > access is required by the web application deployed as ROOT in the
> > webapps
> > > > directory of Tomcat.
> > > >
> > > > *So I did this for now in Tomcat:*
> > > >
> > > > <?xml version='1.0' encoding='utf-8'?>
> > > > <tomcat-users>
> > > > <role rolename="sample_role"/>
> > > > <user username="something" password="something"
> roles="sample_role"/>
> > > > </tomcat-users>
> > > >
> > > > *and in the web.xml of openejb:*
> > > >
> > > > <!-- Define a Security Constraint on this Application -->
> > > > <security-constraint>
> > > > <web-resource-collection>
> > > > <web-resource-name>OpenEJB Application</web-resource-name>
> > > > <url-pattern>/*</url-pattern>
> > > > </web-resource-collection>
> > > > <auth-constraint>
> > > > <role-name>ilp</role-name>
> > > > </auth-constraint>
> > > > </security-constraint>
> > > >
> > > > <!-- Define the Login Configuration for this Application -->
> > > > <login-config>
> > > > <auth-method>BASIC</auth-method>
> > > > <realm-name>Application</realm-name>
> > > > </login-config>
> > > >
> > > > <!-- Security roles referenced by this web application -->
> > > > <security-role>
> > > > <description>
> > > > The role that is required to log in to the OpenEJB Application
> > > > </description>
> > > > <role-name>sample_role</role-name>
> > > > </security-role>
> > > >
> > > >
> > > > But I'm not sure if preventing in this manner is secure.
> > > >
> > > >
> > > > On Thu, Oct 20, 2011 at 11:08 PM, Romain Manni-Bucau <
> > > > rmannibucau@gmail.com> wrote:
> > > >
> > > >> hmm
> > > >>
> > > >> the openejb context.xml prevent the remote access to openejb webapp
> > (for
> > > >> security reasons).
> > > >>
> > > >> if you want security you should keep it and remote accesses will
> > return
> > > >> 403..
> > > >>
> > > >> i'm not sure i get the problem
> > > >>
> > > >> - Romain
> > > >>
> > > >>
> > > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > > >>
> > > >> > As I guessed, the official documentation on resolving the HTTP
> > Status
> > > >> 403
> > > >> > says to delete it(http://openejb.apache.org/tomcat.html). Is
> there
> > a
> > > >> way
> > > >> > of
> > > >> > adding context.xml without getting 403?
> > > >> >
> > > >> > Thanks a lot for helping me out!
> > > >> > On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
> > > >> > ravindranathakila@gmail.com>
> > > >> > wrote:
> > > >> >
> > > >> > > You are right. It's on my local instance but not on the tomcat
> > > >> instance
> > > >> > on
> > > >> > > the server. I'm checking why!
> > > >> > > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <
> > > rmannibucau@gmail.com>
> > > >> > > wrote:
> > > >> > >
> > > >> > >> well META-INF/context.xml should work and should already be in
> > > >> > >> openejb.war.
> > > >> > >>
> > > >> > >> - Romain
> > > >> > >>
> > > >> > >>
> > > >> > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > > >> > >>
> > > >> > >> > We use openejb.war by putting it in the Tomcat webapp folder
> -
> > > >> Tomcat
> > > >> > >> being
> > > >> > >> > an original fetched from Apache.
> > > >> > >> >
> > > >> > >> > I'm worried to go for TomEE since we've gone production. I'll
> > try
> > > >> what
> > > >> > >> you
> > > >> > >> > suggest and let you know how it goes.
> > > >> > >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> > > >> > >> > jonathan.gallimore@gmail.com>
> > > >> > >> > wrote:
> > > >> > >> >
> > > >> > >> > > You beat me to it, I was going to make the same suggestion.
> > Are
> > > >> you
> > > >> > >> using
> > > >> > >> > > our tomee-embedded module or are you hooking OpenEJB up to
> an
> > > >> > Embedded
> > > >> > >> > > Tomcat in some other way? If you're hooking things up
> > yourself,
> > > >> if
> > > >> > you
> > > >> > >> > can
> > > >> > >> > > post a bit of code showing what you're doing that would be
> a
> > > big
> > > >> > help.
> > > >> > >> > >
> > > >> > >> > > Let us know if adding the context.xml doesn't work, we'll
> try
> > > and
> > > >> > work
> > > >> > >> > > something out for you.
> > > >> > >> > >
> > > >> > >> > > As for migrating to TomEE from how you're running at the
> > moment
> > > -
> > > >> I
> > > >> > >> guess
> > > >> > >> > > that depends on your requirements. If you're not using our
> > > >> > >> tomee-embedded
> > > >> > >> > > module, it might be worth checking out. I've been playing
> > > around
> > > >> > with
> > > >> > >> > > adding
> > > >> > >> > > that to a .war so you can execute a the war using TomEE
> just
> > be
> > > >> > doing
> > > >> > >> a
> > > >> > >> > > java
> > > >> > >> > > -jar myapp.war, kind of like how the jenkins (
> > > >> > http://jenkins-ci.org/)
> > > >> > >> > war
> > > >> > >> > > file works. I should have that going tonight - I can
> > definitely
> > > >> post
> > > >> > >> that
> > > >> > >> > > up
> > > >> > >> > > here if you're interested.
> > > >> > >> > >
> > > >> > >> > > Jon
> > > >> > >> > >
> > > >> > >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> > > >> > >> > > <rm...@gmail.com>wrote:
> > > >> > >> > >
> > > >> > >> > > > i think if you start tomee-embedded and add to classpath
> > the
> > > >> > >> > context.xml
> > > >> > >> > > > file it should work, can you give it a try?
> > > >> > >> > > >
> > > >> > >> > > > - Romain
> > > >> > >> > > >
> > > >> > >> > > >
> > > >> > >> > > > 2011/10/20 Ravindranath Akila <
> ravindranathakila@gmail.com
> > >
> > > >> > >> > > >
> > > >> > >> > > > > We're using Tomcat Embedded mode. I don't find that
> file
> > in
> > > >> the
> > > >> > >> given
> > > >> > >> > > > > directory.
> > > >> > >> > > > >
> > > >> > >> > > > > in CATALIBA_BASE/conf:
> > > >> > >> > > > >
> > > >> > >> > > > > Catalina catalina.policy catalina.properties
> > context.xml
> > > >> > >> > > > > logging.properties openejb.xml server.xml
> > > >> > server.xml.original
> > > >> > >> > > > > tomcat-users.xml web.xml
> > > >> > >> > > > >
> > > >> > >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > > >> > >> > > > >
> > > >> > >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt
> > > dependencies.xml
> > > >> > >> > > > > org.apache.openejb.tomcat
> > > >> > >> > > > >
> > > >> > >> > > > > are the files which I find.
> > > >> > >> > > > >
> > > >> > >> > > > > Do you think it is wise to port to TomEE ?
> > > >> > >> > > > >
> > > >> > >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > > >> > >> > > > > jonathan.gallimore@gmail.com> wrote:
> > > >> > >> > > > >
> > > >> > >> > > > > > I think we restrict access by ip address to localhost
> > by
> > > >> > >> default.
> > > >> > >> > > Check
> > > >> > >> > > > > out
> > > >> > >> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml -
> > > maybe
> > > >> > you
> > > >> > >> can
> > > >> > >> > > > edit
> > > >> > >> > > > > > that to meet your needs.
> > > >> > >> > > > > >
> > > >> > >> > > > > > By default the config in that file is:
> > > >> > >> > > > > >
> > > >> > >> > > > > > <Context>
> > > >> > >> > > > > > <Valve
> > > >> className="org.apache.catalina.valves.RemoteAddrValve"
> > > >> > >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$"
> > > deny=""/>
> > > >> > >> > > > > > </Context>
> > > >> > >> > > > > >
> > > >> > >> > > > > > There might be other valve you could add that might
> do
> > > what
> > > >> > you
> > > >> > >> > want.
> > > >> > >> > > > > >
> > > >> > >> > > > > > Alternatively if you're using a HTTP server in front
> of
> > > >> > >> > Tomcat/TomEE
> > > >> > >> > > > you
> > > >> > >> > > > > > could use some URL rewriting to prevent access to the
> > > >> > >> application.
> > > >> > >> > > > > >
> > > >> > >> > > > > > Let us know if that's no good though, and we'll try
> and
> > > >> > suggest
> > > >> > >> > > > something
> > > >> > >> > > > > > else.
> > > >> > >> > > > > >
> > > >> > >> > > > > > Jon
> > > >> > >> > > > > >
> > > >> > >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila
> <
> > > >> > >> > > > > > ravindranathakila@gmail.com> wrote:
> > > >> > >> > > > > >
> > > >> > >> > > > > > > Is there a very secure way I can prevent access to
> or
> > > >> > disable
> > > >> > >> > > > /openejb
> > > >> > >> > > > > > > application?
> > > >> > >> > > > > > >
> > > >> > >> > > > > > > Thanks in Advance :)
> > > >> > >> > > > > > >
> > > >> > >> > > > > > > Akila...
> > > >> > >> > > > > > >
> > > >> > >> > > > > >
> > > >> > >> > > > >
> > > >> > >> > > > >
> > > >> > >> > > > >
> > > >> > >> > > > > --
> > > >> > >> > > > > Thanks!
> > > >> > >> > > > > Akila...
> > > >> > >> > > > >
> > > >> > >> > > >
> > > >> > >> > >
> > > >> > >> >
> > > >> > >>
> > > >> > >
> > > >> >
> > > >>
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Cheers!
> > > Akila...
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
Since I deleted the context, right?
On Oct 20, 2011 11:23 PM, "Romain Manni-Bucau" <rm...@gmail.com>
wrote:
> you modified the webapp but the context.xml is webapp relative so it should
> prevent openejb to be accessed but not your webapp
>
> - Romain
>
>
> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>
> > Correction:
> > *So I did this for now in Tomcat:*
> >
> > <?xml version='1.0' encoding='utf-8'?>
> > <tomcat-users>
> > <role rolename="sample_role"/>
> > <user username="something" password="something" roles="sample_role"/>
> > </tomcat-users>
> >
> > *and in the web.xml of openejb:*
> >
> > <!-- Define a Security Constraint on this Application -->
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>OpenEJB Application</web-resource-name>
> > <url-pattern>/*</url-pattern>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>sample_role</role-name>
> > </auth-constraint>
> > </security-constraint>
> >
> > <!-- Define the Login Configuration for this Application -->
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>Application</realm-name>
> > </login-config>
> >
> > <!-- Security roles referenced by this web application -->
> > <security-role>
> > <description>
> > The role that is required to log in to the OpenEJB Application
> > </description>
> > <role-name>sample_role</role-name>
> > </security-role>
> >
> >
> > On Thu, Oct 20, 2011 at 11:18 PM, Ravindranath Akila <
> > ravindranathakila@gmail.com> wrote:
> >
> > > Depending how I look at it, it seems we are doing something a bit odd.
> > Our
> > > webapp and EJB container(openejb) are the same Tomcat. Hence
> remote(web)
> > > access is required by the web application deployed as ROOT in the
> webapps
> > > directory of Tomcat.
> > >
> > > *So I did this for now in Tomcat:*
> > >
> > > <?xml version='1.0' encoding='utf-8'?>
> > > <tomcat-users>
> > > <role rolename="sample_role"/>
> > > <user username="something" password="something" roles="sample_role"/>
> > > </tomcat-users>
> > >
> > > *and in the web.xml of openejb:*
> > >
> > > <!-- Define a Security Constraint on this Application -->
> > > <security-constraint>
> > > <web-resource-collection>
> > > <web-resource-name>OpenEJB Application</web-resource-name>
> > > <url-pattern>/*</url-pattern>
> > > </web-resource-collection>
> > > <auth-constraint>
> > > <role-name>ilp</role-name>
> > > </auth-constraint>
> > > </security-constraint>
> > >
> > > <!-- Define the Login Configuration for this Application -->
> > > <login-config>
> > > <auth-method>BASIC</auth-method>
> > > <realm-name>Application</realm-name>
> > > </login-config>
> > >
> > > <!-- Security roles referenced by this web application -->
> > > <security-role>
> > > <description>
> > > The role that is required to log in to the OpenEJB Application
> > > </description>
> > > <role-name>sample_role</role-name>
> > > </security-role>
> > >
> > >
> > > But I'm not sure if preventing in this manner is secure.
> > >
> > >
> > > On Thu, Oct 20, 2011 at 11:08 PM, Romain Manni-Bucau <
> > > rmannibucau@gmail.com> wrote:
> > >
> > >> hmm
> > >>
> > >> the openejb context.xml prevent the remote access to openejb webapp
> (for
> > >> security reasons).
> > >>
> > >> if you want security you should keep it and remote accesses will
> return
> > >> 403..
> > >>
> > >> i'm not sure i get the problem
> > >>
> > >> - Romain
> > >>
> > >>
> > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > >>
> > >> > As I guessed, the official documentation on resolving the HTTP
> Status
> > >> 403
> > >> > says to delete it(http://openejb.apache.org/tomcat.html). Is there
> a
> > >> way
> > >> > of
> > >> > adding context.xml without getting 403?
> > >> >
> > >> > Thanks a lot for helping me out!
> > >> > On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
> > >> > ravindranathakila@gmail.com>
> > >> > wrote:
> > >> >
> > >> > > You are right. It's on my local instance but not on the tomcat
> > >> instance
> > >> > on
> > >> > > the server. I'm checking why!
> > >> > > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <
> > rmannibucau@gmail.com>
> > >> > > wrote:
> > >> > >
> > >> > >> well META-INF/context.xml should work and should already be in
> > >> > >> openejb.war.
> > >> > >>
> > >> > >> - Romain
> > >> > >>
> > >> > >>
> > >> > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > >> > >>
> > >> > >> > We use openejb.war by putting it in the Tomcat webapp folder -
> > >> Tomcat
> > >> > >> being
> > >> > >> > an original fetched from Apache.
> > >> > >> >
> > >> > >> > I'm worried to go for TomEE since we've gone production. I'll
> try
> > >> what
> > >> > >> you
> > >> > >> > suggest and let you know how it goes.
> > >> > >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> > >> > >> > jonathan.gallimore@gmail.com>
> > >> > >> > wrote:
> > >> > >> >
> > >> > >> > > You beat me to it, I was going to make the same suggestion.
> Are
> > >> you
> > >> > >> using
> > >> > >> > > our tomee-embedded module or are you hooking OpenEJB up to an
> > >> > Embedded
> > >> > >> > > Tomcat in some other way? If you're hooking things up
> yourself,
> > >> if
> > >> > you
> > >> > >> > can
> > >> > >> > > post a bit of code showing what you're doing that would be a
> > big
> > >> > help.
> > >> > >> > >
> > >> > >> > > Let us know if adding the context.xml doesn't work, we'll try
> > and
> > >> > work
> > >> > >> > > something out for you.
> > >> > >> > >
> > >> > >> > > As for migrating to TomEE from how you're running at the
> moment
> > -
> > >> I
> > >> > >> guess
> > >> > >> > > that depends on your requirements. If you're not using our
> > >> > >> tomee-embedded
> > >> > >> > > module, it might be worth checking out. I've been playing
> > around
> > >> > with
> > >> > >> > > adding
> > >> > >> > > that to a .war so you can execute a the war using TomEE just
> be
> > >> > doing
> > >> > >> a
> > >> > >> > > java
> > >> > >> > > -jar myapp.war, kind of like how the jenkins (
> > >> > http://jenkins-ci.org/)
> > >> > >> > war
> > >> > >> > > file works. I should have that going tonight - I can
> definitely
> > >> post
> > >> > >> that
> > >> > >> > > up
> > >> > >> > > here if you're interested.
> > >> > >> > >
> > >> > >> > > Jon
> > >> > >> > >
> > >> > >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> > >> > >> > > <rm...@gmail.com>wrote:
> > >> > >> > >
> > >> > >> > > > i think if you start tomee-embedded and add to classpath
> the
> > >> > >> > context.xml
> > >> > >> > > > file it should work, can you give it a try?
> > >> > >> > > >
> > >> > >> > > > - Romain
> > >> > >> > > >
> > >> > >> > > >
> > >> > >> > > > 2011/10/20 Ravindranath Akila <ravindranathakila@gmail.com
> >
> > >> > >> > > >
> > >> > >> > > > > We're using Tomcat Embedded mode. I don't find that file
> in
> > >> the
> > >> > >> given
> > >> > >> > > > > directory.
> > >> > >> > > > >
> > >> > >> > > > > in CATALIBA_BASE/conf:
> > >> > >> > > > >
> > >> > >> > > > > Catalina catalina.policy catalina.properties
> context.xml
> > >> > >> > > > > logging.properties openejb.xml server.xml
> > >> > server.xml.original
> > >> > >> > > > > tomcat-users.xml web.xml
> > >> > >> > > > >
> > >> > >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > >> > >> > > > >
> > >> > >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt
> > dependencies.xml
> > >> > >> > > > > org.apache.openejb.tomcat
> > >> > >> > > > >
> > >> > >> > > > > are the files which I find.
> > >> > >> > > > >
> > >> > >> > > > > Do you think it is wise to port to TomEE ?
> > >> > >> > > > >
> > >> > >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > >> > >> > > > > jonathan.gallimore@gmail.com> wrote:
> > >> > >> > > > >
> > >> > >> > > > > > I think we restrict access by ip address to localhost
> by
> > >> > >> default.
> > >> > >> > > Check
> > >> > >> > > > > out
> > >> > >> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml -
> > maybe
> > >> > you
> > >> > >> can
> > >> > >> > > > edit
> > >> > >> > > > > > that to meet your needs.
> > >> > >> > > > > >
> > >> > >> > > > > > By default the config in that file is:
> > >> > >> > > > > >
> > >> > >> > > > > > <Context>
> > >> > >> > > > > > <Valve
> > >> className="org.apache.catalina.valves.RemoteAddrValve"
> > >> > >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$"
> > deny=""/>
> > >> > >> > > > > > </Context>
> > >> > >> > > > > >
> > >> > >> > > > > > There might be other valve you could add that might do
> > what
> > >> > you
> > >> > >> > want.
> > >> > >> > > > > >
> > >> > >> > > > > > Alternatively if you're using a HTTP server in front of
> > >> > >> > Tomcat/TomEE
> > >> > >> > > > you
> > >> > >> > > > > > could use some URL rewriting to prevent access to the
> > >> > >> application.
> > >> > >> > > > > >
> > >> > >> > > > > > Let us know if that's no good though, and we'll try and
> > >> > suggest
> > >> > >> > > > something
> > >> > >> > > > > > else.
> > >> > >> > > > > >
> > >> > >> > > > > > Jon
> > >> > >> > > > > >
> > >> > >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > >> > >> > > > > > ravindranathakila@gmail.com> wrote:
> > >> > >> > > > > >
> > >> > >> > > > > > > Is there a very secure way I can prevent access to or
> > >> > disable
> > >> > >> > > > /openejb
> > >> > >> > > > > > > application?
> > >> > >> > > > > > >
> > >> > >> > > > > > > Thanks in Advance :)
> > >> > >> > > > > > >
> > >> > >> > > > > > > Akila...
> > >> > >> > > > > > >
> > >> > >> > > > > >
> > >> > >> > > > >
> > >> > >> > > > >
> > >> > >> > > > >
> > >> > >> > > > > --
> > >> > >> > > > > Thanks!
> > >> > >> > > > > Akila...
> > >> > >> > > > >
> > >> > >> > > >
> > >> > >> > >
> > >> > >> >
> > >> > >>
> > >> > >
> > >> >
> > >>
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Cheers!
> > Akila...
> >
>
Re: Preventing Access To /openejb
Posted by Romain Manni-Bucau <rm...@gmail.com>.
you modified the webapp but the context.xml is webapp relative so it should
prevent openejb to be accessed but not your webapp
- Romain
2011/10/20 Ravindranath Akila <ra...@gmail.com>
> Correction:
> *So I did this for now in Tomcat:*
>
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
> <role rolename="sample_role"/>
> <user username="something" password="something" roles="sample_role"/>
> </tomcat-users>
>
> *and in the web.xml of openejb:*
>
> <!-- Define a Security Constraint on this Application -->
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>OpenEJB Application</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>sample_role</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Define the Login Configuration for this Application -->
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Application</realm-name>
> </login-config>
>
> <!-- Security roles referenced by this web application -->
> <security-role>
> <description>
> The role that is required to log in to the OpenEJB Application
> </description>
> <role-name>sample_role</role-name>
> </security-role>
>
>
> On Thu, Oct 20, 2011 at 11:18 PM, Ravindranath Akila <
> ravindranathakila@gmail.com> wrote:
>
> > Depending how I look at it, it seems we are doing something a bit odd.
> Our
> > webapp and EJB container(openejb) are the same Tomcat. Hence remote(web)
> > access is required by the web application deployed as ROOT in the webapps
> > directory of Tomcat.
> >
> > *So I did this for now in Tomcat:*
> >
> > <?xml version='1.0' encoding='utf-8'?>
> > <tomcat-users>
> > <role rolename="sample_role"/>
> > <user username="something" password="something" roles="sample_role"/>
> > </tomcat-users>
> >
> > *and in the web.xml of openejb:*
> >
> > <!-- Define a Security Constraint on this Application -->
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>OpenEJB Application</web-resource-name>
> > <url-pattern>/*</url-pattern>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>ilp</role-name>
> > </auth-constraint>
> > </security-constraint>
> >
> > <!-- Define the Login Configuration for this Application -->
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>Application</realm-name>
> > </login-config>
> >
> > <!-- Security roles referenced by this web application -->
> > <security-role>
> > <description>
> > The role that is required to log in to the OpenEJB Application
> > </description>
> > <role-name>sample_role</role-name>
> > </security-role>
> >
> >
> > But I'm not sure if preventing in this manner is secure.
> >
> >
> > On Thu, Oct 20, 2011 at 11:08 PM, Romain Manni-Bucau <
> > rmannibucau@gmail.com> wrote:
> >
> >> hmm
> >>
> >> the openejb context.xml prevent the remote access to openejb webapp (for
> >> security reasons).
> >>
> >> if you want security you should keep it and remote accesses will return
> >> 403..
> >>
> >> i'm not sure i get the problem
> >>
> >> - Romain
> >>
> >>
> >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >>
> >> > As I guessed, the official documentation on resolving the HTTP Status
> >> 403
> >> > says to delete it(http://openejb.apache.org/tomcat.html). Is there a
> >> way
> >> > of
> >> > adding context.xml without getting 403?
> >> >
> >> > Thanks a lot for helping me out!
> >> > On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
> >> > ravindranathakila@gmail.com>
> >> > wrote:
> >> >
> >> > > You are right. It's on my local instance but not on the tomcat
> >> instance
> >> > on
> >> > > the server. I'm checking why!
> >> > > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <
> rmannibucau@gmail.com>
> >> > > wrote:
> >> > >
> >> > >> well META-INF/context.xml should work and should already be in
> >> > >> openejb.war.
> >> > >>
> >> > >> - Romain
> >> > >>
> >> > >>
> >> > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >> > >>
> >> > >> > We use openejb.war by putting it in the Tomcat webapp folder -
> >> Tomcat
> >> > >> being
> >> > >> > an original fetched from Apache.
> >> > >> >
> >> > >> > I'm worried to go for TomEE since we've gone production. I'll try
> >> what
> >> > >> you
> >> > >> > suggest and let you know how it goes.
> >> > >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> >> > >> > jonathan.gallimore@gmail.com>
> >> > >> > wrote:
> >> > >> >
> >> > >> > > You beat me to it, I was going to make the same suggestion. Are
> >> you
> >> > >> using
> >> > >> > > our tomee-embedded module or are you hooking OpenEJB up to an
> >> > Embedded
> >> > >> > > Tomcat in some other way? If you're hooking things up yourself,
> >> if
> >> > you
> >> > >> > can
> >> > >> > > post a bit of code showing what you're doing that would be a
> big
> >> > help.
> >> > >> > >
> >> > >> > > Let us know if adding the context.xml doesn't work, we'll try
> and
> >> > work
> >> > >> > > something out for you.
> >> > >> > >
> >> > >> > > As for migrating to TomEE from how you're running at the moment
> -
> >> I
> >> > >> guess
> >> > >> > > that depends on your requirements. If you're not using our
> >> > >> tomee-embedded
> >> > >> > > module, it might be worth checking out. I've been playing
> around
> >> > with
> >> > >> > > adding
> >> > >> > > that to a .war so you can execute a the war using TomEE just be
> >> > doing
> >> > >> a
> >> > >> > > java
> >> > >> > > -jar myapp.war, kind of like how the jenkins (
> >> > http://jenkins-ci.org/)
> >> > >> > war
> >> > >> > > file works. I should have that going tonight - I can definitely
> >> post
> >> > >> that
> >> > >> > > up
> >> > >> > > here if you're interested.
> >> > >> > >
> >> > >> > > Jon
> >> > >> > >
> >> > >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> >> > >> > > <rm...@gmail.com>wrote:
> >> > >> > >
> >> > >> > > > i think if you start tomee-embedded and add to classpath the
> >> > >> > context.xml
> >> > >> > > > file it should work, can you give it a try?
> >> > >> > > >
> >> > >> > > > - Romain
> >> > >> > > >
> >> > >> > > >
> >> > >> > > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >> > >> > > >
> >> > >> > > > > We're using Tomcat Embedded mode. I don't find that file in
> >> the
> >> > >> given
> >> > >> > > > > directory.
> >> > >> > > > >
> >> > >> > > > > in CATALIBA_BASE/conf:
> >> > >> > > > >
> >> > >> > > > > Catalina catalina.policy catalina.properties context.xml
> >> > >> > > > > logging.properties openejb.xml server.xml
> >> > server.xml.original
> >> > >> > > > > tomcat-users.xml web.xml
> >> > >> > > > >
> >> > >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> >> > >> > > > >
> >> > >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt
> dependencies.xml
> >> > >> > > > > org.apache.openejb.tomcat
> >> > >> > > > >
> >> > >> > > > > are the files which I find.
> >> > >> > > > >
> >> > >> > > > > Do you think it is wise to port to TomEE ?
> >> > >> > > > >
> >> > >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> >> > >> > > > > jonathan.gallimore@gmail.com> wrote:
> >> > >> > > > >
> >> > >> > > > > > I think we restrict access by ip address to localhost by
> >> > >> default.
> >> > >> > > Check
> >> > >> > > > > out
> >> > >> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml -
> maybe
> >> > you
> >> > >> can
> >> > >> > > > edit
> >> > >> > > > > > that to meet your needs.
> >> > >> > > > > >
> >> > >> > > > > > By default the config in that file is:
> >> > >> > > > > >
> >> > >> > > > > > <Context>
> >> > >> > > > > > <Valve
> >> className="org.apache.catalina.valves.RemoteAddrValve"
> >> > >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$"
> deny=""/>
> >> > >> > > > > > </Context>
> >> > >> > > > > >
> >> > >> > > > > > There might be other valve you could add that might do
> what
> >> > you
> >> > >> > want.
> >> > >> > > > > >
> >> > >> > > > > > Alternatively if you're using a HTTP server in front of
> >> > >> > Tomcat/TomEE
> >> > >> > > > you
> >> > >> > > > > > could use some URL rewriting to prevent access to the
> >> > >> application.
> >> > >> > > > > >
> >> > >> > > > > > Let us know if that's no good though, and we'll try and
> >> > suggest
> >> > >> > > > something
> >> > >> > > > > > else.
> >> > >> > > > > >
> >> > >> > > > > > Jon
> >> > >> > > > > >
> >> > >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> >> > >> > > > > > ravindranathakila@gmail.com> wrote:
> >> > >> > > > > >
> >> > >> > > > > > > Is there a very secure way I can prevent access to or
> >> > disable
> >> > >> > > > /openejb
> >> > >> > > > > > > application?
> >> > >> > > > > > >
> >> > >> > > > > > > Thanks in Advance :)
> >> > >> > > > > > >
> >> > >> > > > > > > Akila...
> >> > >> > > > > > >
> >> > >> > > > > >
> >> > >> > > > >
> >> > >> > > > >
> >> > >> > > > >
> >> > >> > > > > --
> >> > >> > > > > Thanks!
> >> > >> > > > > Akila...
> >> > >> > > > >
> >> > >> > > >
> >> > >> > >
> >> > >> >
> >> > >>
> >> > >
> >> >
> >>
> >
> >
> >
> >
>
>
> --
> Cheers!
> Akila...
>
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
Correction:
*So I did this for now in Tomcat:*
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="sample_role"/>
<user username="something" password="something" roles="sample_role"/>
</tomcat-users>
*and in the web.xml of openejb:*
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>OpenEJB Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sample_role</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to the OpenEJB Application
</description>
<role-name>sample_role</role-name>
</security-role>
On Thu, Oct 20, 2011 at 11:18 PM, Ravindranath Akila <
ravindranathakila@gmail.com> wrote:
> Depending how I look at it, it seems we are doing something a bit odd. Our
> webapp and EJB container(openejb) are the same Tomcat. Hence remote(web)
> access is required by the web application deployed as ROOT in the webapps
> directory of Tomcat.
>
> *So I did this for now in Tomcat:*
>
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
> <role rolename="sample_role"/>
> <user username="something" password="something" roles="sample_role"/>
> </tomcat-users>
>
> *and in the web.xml of openejb:*
>
> <!-- Define a Security Constraint on this Application -->
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>OpenEJB Application</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>ilp</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Define the Login Configuration for this Application -->
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Application</realm-name>
> </login-config>
>
> <!-- Security roles referenced by this web application -->
> <security-role>
> <description>
> The role that is required to log in to the OpenEJB Application
> </description>
> <role-name>sample_role</role-name>
> </security-role>
>
>
> But I'm not sure if preventing in this manner is secure.
>
>
> On Thu, Oct 20, 2011 at 11:08 PM, Romain Manni-Bucau <
> rmannibucau@gmail.com> wrote:
>
>> hmm
>>
>> the openejb context.xml prevent the remote access to openejb webapp (for
>> security reasons).
>>
>> if you want security you should keep it and remote accesses will return
>> 403..
>>
>> i'm not sure i get the problem
>>
>> - Romain
>>
>>
>> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>>
>> > As I guessed, the official documentation on resolving the HTTP Status
>> 403
>> > says to delete it(http://openejb.apache.org/tomcat.html). Is there a
>> way
>> > of
>> > adding context.xml without getting 403?
>> >
>> > Thanks a lot for helping me out!
>> > On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
>> > ravindranathakila@gmail.com>
>> > wrote:
>> >
>> > > You are right. It's on my local instance but not on the tomcat
>> instance
>> > on
>> > > the server. I'm checking why!
>> > > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <rm...@gmail.com>
>> > > wrote:
>> > >
>> > >> well META-INF/context.xml should work and should already be in
>> > >> openejb.war.
>> > >>
>> > >> - Romain
>> > >>
>> > >>
>> > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>> > >>
>> > >> > We use openejb.war by putting it in the Tomcat webapp folder -
>> Tomcat
>> > >> being
>> > >> > an original fetched from Apache.
>> > >> >
>> > >> > I'm worried to go for TomEE since we've gone production. I'll try
>> what
>> > >> you
>> > >> > suggest and let you know how it goes.
>> > >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
>> > >> > jonathan.gallimore@gmail.com>
>> > >> > wrote:
>> > >> >
>> > >> > > You beat me to it, I was going to make the same suggestion. Are
>> you
>> > >> using
>> > >> > > our tomee-embedded module or are you hooking OpenEJB up to an
>> > Embedded
>> > >> > > Tomcat in some other way? If you're hooking things up yourself,
>> if
>> > you
>> > >> > can
>> > >> > > post a bit of code showing what you're doing that would be a big
>> > help.
>> > >> > >
>> > >> > > Let us know if adding the context.xml doesn't work, we'll try and
>> > work
>> > >> > > something out for you.
>> > >> > >
>> > >> > > As for migrating to TomEE from how you're running at the moment -
>> I
>> > >> guess
>> > >> > > that depends on your requirements. If you're not using our
>> > >> tomee-embedded
>> > >> > > module, it might be worth checking out. I've been playing around
>> > with
>> > >> > > adding
>> > >> > > that to a .war so you can execute a the war using TomEE just be
>> > doing
>> > >> a
>> > >> > > java
>> > >> > > -jar myapp.war, kind of like how the jenkins (
>> > http://jenkins-ci.org/)
>> > >> > war
>> > >> > > file works. I should have that going tonight - I can definitely
>> post
>> > >> that
>> > >> > > up
>> > >> > > here if you're interested.
>> > >> > >
>> > >> > > Jon
>> > >> > >
>> > >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
>> > >> > > <rm...@gmail.com>wrote:
>> > >> > >
>> > >> > > > i think if you start tomee-embedded and add to classpath the
>> > >> > context.xml
>> > >> > > > file it should work, can you give it a try?
>> > >> > > >
>> > >> > > > - Romain
>> > >> > > >
>> > >> > > >
>> > >> > > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>> > >> > > >
>> > >> > > > > We're using Tomcat Embedded mode. I don't find that file in
>> the
>> > >> given
>> > >> > > > > directory.
>> > >> > > > >
>> > >> > > > > in CATALIBA_BASE/conf:
>> > >> > > > >
>> > >> > > > > Catalina catalina.policy catalina.properties context.xml
>> > >> > > > > logging.properties openejb.xml server.xml
>> > server.xml.original
>> > >> > > > > tomcat-users.xml web.xml
>> > >> > > > >
>> > >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
>> > >> > > > >
>> > >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
>> > >> > > > > org.apache.openejb.tomcat
>> > >> > > > >
>> > >> > > > > are the files which I find.
>> > >> > > > >
>> > >> > > > > Do you think it is wise to port to TomEE ?
>> > >> > > > >
>> > >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
>> > >> > > > > jonathan.gallimore@gmail.com> wrote:
>> > >> > > > >
>> > >> > > > > > I think we restrict access by ip address to localhost by
>> > >> default.
>> > >> > > Check
>> > >> > > > > out
>> > >> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe
>> > you
>> > >> can
>> > >> > > > edit
>> > >> > > > > > that to meet your needs.
>> > >> > > > > >
>> > >> > > > > > By default the config in that file is:
>> > >> > > > > >
>> > >> > > > > > <Context>
>> > >> > > > > > <Valve
>> className="org.apache.catalina.valves.RemoteAddrValve"
>> > >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
>> > >> > > > > > </Context>
>> > >> > > > > >
>> > >> > > > > > There might be other valve you could add that might do what
>> > you
>> > >> > want.
>> > >> > > > > >
>> > >> > > > > > Alternatively if you're using a HTTP server in front of
>> > >> > Tomcat/TomEE
>> > >> > > > you
>> > >> > > > > > could use some URL rewriting to prevent access to the
>> > >> application.
>> > >> > > > > >
>> > >> > > > > > Let us know if that's no good though, and we'll try and
>> > suggest
>> > >> > > > something
>> > >> > > > > > else.
>> > >> > > > > >
>> > >> > > > > > Jon
>> > >> > > > > >
>> > >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
>> > >> > > > > > ravindranathakila@gmail.com> wrote:
>> > >> > > > > >
>> > >> > > > > > > Is there a very secure way I can prevent access to or
>> > disable
>> > >> > > > /openejb
>> > >> > > > > > > application?
>> > >> > > > > > >
>> > >> > > > > > > Thanks in Advance :)
>> > >> > > > > > >
>> > >> > > > > > > Akila...
>> > >> > > > > > >
>> > >> > > > > >
>> > >> > > > >
>> > >> > > > >
>> > >> > > > >
>> > >> > > > > --
>> > >> > > > > Thanks!
>> > >> > > > > Akila...
>> > >> > > > >
>> > >> > > >
>> > >> > >
>> > >> >
>> > >>
>> > >
>> >
>>
>
>
>
>
--
Cheers!
Akila...
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
Depending how I look at it, it seems we are doing something a bit odd. Our
webapp and EJB container(openejb) are the same Tomcat. Hence remote(web)
access is required by the web application deployed as ROOT in the webapps
directory of Tomcat.
*So I did this for now in Tomcat:*
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="sample_role"/>
<user username="something" password="something" roles="sample_role"/>
</tomcat-users>
*and in the web.xml of openejb:*
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>OpenEJB Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ilp</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to the OpenEJB Application
</description>
<role-name>sample_role</role-name>
</security-role>
But I'm not sure if preventing in this manner is secure.
On Thu, Oct 20, 2011 at 11:08 PM, Romain Manni-Bucau
<rm...@gmail.com>wrote:
> hmm
>
> the openejb context.xml prevent the remote access to openejb webapp (for
> security reasons).
>
> if you want security you should keep it and remote accesses will return
> 403..
>
> i'm not sure i get the problem
>
> - Romain
>
>
> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>
> > As I guessed, the official documentation on resolving the HTTP Status 403
> > says to delete it(http://openejb.apache.org/tomcat.html). Is there a way
> > of
> > adding context.xml without getting 403?
> >
> > Thanks a lot for helping me out!
> > On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
> > ravindranathakila@gmail.com>
> > wrote:
> >
> > > You are right. It's on my local instance but not on the tomcat instance
> > on
> > > the server. I'm checking why!
> > > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <rm...@gmail.com>
> > > wrote:
> > >
> > >> well META-INF/context.xml should work and should already be in
> > >> openejb.war.
> > >>
> > >> - Romain
> > >>
> > >>
> > >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > >>
> > >> > We use openejb.war by putting it in the Tomcat webapp folder -
> Tomcat
> > >> being
> > >> > an original fetched from Apache.
> > >> >
> > >> > I'm worried to go for TomEE since we've gone production. I'll try
> what
> > >> you
> > >> > suggest and let you know how it goes.
> > >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> > >> > jonathan.gallimore@gmail.com>
> > >> > wrote:
> > >> >
> > >> > > You beat me to it, I was going to make the same suggestion. Are
> you
> > >> using
> > >> > > our tomee-embedded module or are you hooking OpenEJB up to an
> > Embedded
> > >> > > Tomcat in some other way? If you're hooking things up yourself, if
> > you
> > >> > can
> > >> > > post a bit of code showing what you're doing that would be a big
> > help.
> > >> > >
> > >> > > Let us know if adding the context.xml doesn't work, we'll try and
> > work
> > >> > > something out for you.
> > >> > >
> > >> > > As for migrating to TomEE from how you're running at the moment -
> I
> > >> guess
> > >> > > that depends on your requirements. If you're not using our
> > >> tomee-embedded
> > >> > > module, it might be worth checking out. I've been playing around
> > with
> > >> > > adding
> > >> > > that to a .war so you can execute a the war using TomEE just be
> > doing
> > >> a
> > >> > > java
> > >> > > -jar myapp.war, kind of like how the jenkins (
> > http://jenkins-ci.org/)
> > >> > war
> > >> > > file works. I should have that going tonight - I can definitely
> post
> > >> that
> > >> > > up
> > >> > > here if you're interested.
> > >> > >
> > >> > > Jon
> > >> > >
> > >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> > >> > > <rm...@gmail.com>wrote:
> > >> > >
> > >> > > > i think if you start tomee-embedded and add to classpath the
> > >> > context.xml
> > >> > > > file it should work, can you give it a try?
> > >> > > >
> > >> > > > - Romain
> > >> > > >
> > >> > > >
> > >> > > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > >> > > >
> > >> > > > > We're using Tomcat Embedded mode. I don't find that file in
> the
> > >> given
> > >> > > > > directory.
> > >> > > > >
> > >> > > > > in CATALIBA_BASE/conf:
> > >> > > > >
> > >> > > > > Catalina catalina.policy catalina.properties context.xml
> > >> > > > > logging.properties openejb.xml server.xml
> > server.xml.original
> > >> > > > > tomcat-users.xml web.xml
> > >> > > > >
> > >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > >> > > > >
> > >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> > >> > > > > org.apache.openejb.tomcat
> > >> > > > >
> > >> > > > > are the files which I find.
> > >> > > > >
> > >> > > > > Do you think it is wise to port to TomEE ?
> > >> > > > >
> > >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > >> > > > > jonathan.gallimore@gmail.com> wrote:
> > >> > > > >
> > >> > > > > > I think we restrict access by ip address to localhost by
> > >> default.
> > >> > > Check
> > >> > > > > out
> > >> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe
> > you
> > >> can
> > >> > > > edit
> > >> > > > > > that to meet your needs.
> > >> > > > > >
> > >> > > > > > By default the config in that file is:
> > >> > > > > >
> > >> > > > > > <Context>
> > >> > > > > > <Valve
> className="org.apache.catalina.valves.RemoteAddrValve"
> > >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> > >> > > > > > </Context>
> > >> > > > > >
> > >> > > > > > There might be other valve you could add that might do what
> > you
> > >> > want.
> > >> > > > > >
> > >> > > > > > Alternatively if you're using a HTTP server in front of
> > >> > Tomcat/TomEE
> > >> > > > you
> > >> > > > > > could use some URL rewriting to prevent access to the
> > >> application.
> > >> > > > > >
> > >> > > > > > Let us know if that's no good though, and we'll try and
> > suggest
> > >> > > > something
> > >> > > > > > else.
> > >> > > > > >
> > >> > > > > > Jon
> > >> > > > > >
> > >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > >> > > > > > ravindranathakila@gmail.com> wrote:
> > >> > > > > >
> > >> > > > > > > Is there a very secure way I can prevent access to or
> > disable
> > >> > > > /openejb
> > >> > > > > > > application?
> > >> > > > > > >
> > >> > > > > > > Thanks in Advance :)
> > >> > > > > > >
> > >> > > > > > > Akila...
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > --
> > >> > > > > Thanks!
> > >> > > > > Akila...
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Romain Manni-Bucau <rm...@gmail.com>.
hmm
the openejb context.xml prevent the remote access to openejb webapp (for
security reasons).
if you want security you should keep it and remote accesses will return
403..
i'm not sure i get the problem
- Romain
2011/10/20 Ravindranath Akila <ra...@gmail.com>
> As I guessed, the official documentation on resolving the HTTP Status 403
> says to delete it(http://openejb.apache.org/tomcat.html). Is there a way
> of
> adding context.xml without getting 403?
>
> Thanks a lot for helping me out!
> On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <
> ravindranathakila@gmail.com>
> wrote:
>
> > You are right. It's on my local instance but not on the tomcat instance
> on
> > the server. I'm checking why!
> > On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <rm...@gmail.com>
> > wrote:
> >
> >> well META-INF/context.xml should work and should already be in
> >> openejb.war.
> >>
> >> - Romain
> >>
> >>
> >> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >>
> >> > We use openejb.war by putting it in the Tomcat webapp folder - Tomcat
> >> being
> >> > an original fetched from Apache.
> >> >
> >> > I'm worried to go for TomEE since we've gone production. I'll try what
> >> you
> >> > suggest and let you know how it goes.
> >> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> >> > jonathan.gallimore@gmail.com>
> >> > wrote:
> >> >
> >> > > You beat me to it, I was going to make the same suggestion. Are you
> >> using
> >> > > our tomee-embedded module or are you hooking OpenEJB up to an
> Embedded
> >> > > Tomcat in some other way? If you're hooking things up yourself, if
> you
> >> > can
> >> > > post a bit of code showing what you're doing that would be a big
> help.
> >> > >
> >> > > Let us know if adding the context.xml doesn't work, we'll try and
> work
> >> > > something out for you.
> >> > >
> >> > > As for migrating to TomEE from how you're running at the moment - I
> >> guess
> >> > > that depends on your requirements. If you're not using our
> >> tomee-embedded
> >> > > module, it might be worth checking out. I've been playing around
> with
> >> > > adding
> >> > > that to a .war so you can execute a the war using TomEE just be
> doing
> >> a
> >> > > java
> >> > > -jar myapp.war, kind of like how the jenkins (
> http://jenkins-ci.org/)
> >> > war
> >> > > file works. I should have that going tonight - I can definitely post
> >> that
> >> > > up
> >> > > here if you're interested.
> >> > >
> >> > > Jon
> >> > >
> >> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> >> > > <rm...@gmail.com>wrote:
> >> > >
> >> > > > i think if you start tomee-embedded and add to classpath the
> >> > context.xml
> >> > > > file it should work, can you give it a try?
> >> > > >
> >> > > > - Romain
> >> > > >
> >> > > >
> >> > > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >> > > >
> >> > > > > We're using Tomcat Embedded mode. I don't find that file in the
> >> given
> >> > > > > directory.
> >> > > > >
> >> > > > > in CATALIBA_BASE/conf:
> >> > > > >
> >> > > > > Catalina catalina.policy catalina.properties context.xml
> >> > > > > logging.properties openejb.xml server.xml
> server.xml.original
> >> > > > > tomcat-users.xml web.xml
> >> > > > >
> >> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> >> > > > >
> >> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> >> > > > > org.apache.openejb.tomcat
> >> > > > >
> >> > > > > are the files which I find.
> >> > > > >
> >> > > > > Do you think it is wise to port to TomEE ?
> >> > > > >
> >> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> >> > > > > jonathan.gallimore@gmail.com> wrote:
> >> > > > >
> >> > > > > > I think we restrict access by ip address to localhost by
> >> default.
> >> > > Check
> >> > > > > out
> >> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe
> you
> >> can
> >> > > > edit
> >> > > > > > that to meet your needs.
> >> > > > > >
> >> > > > > > By default the config in that file is:
> >> > > > > >
> >> > > > > > <Context>
> >> > > > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> >> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> >> > > > > > </Context>
> >> > > > > >
> >> > > > > > There might be other valve you could add that might do what
> you
> >> > want.
> >> > > > > >
> >> > > > > > Alternatively if you're using a HTTP server in front of
> >> > Tomcat/TomEE
> >> > > > you
> >> > > > > > could use some URL rewriting to prevent access to the
> >> application.
> >> > > > > >
> >> > > > > > Let us know if that's no good though, and we'll try and
> suggest
> >> > > > something
> >> > > > > > else.
> >> > > > > >
> >> > > > > > Jon
> >> > > > > >
> >> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> >> > > > > > ravindranathakila@gmail.com> wrote:
> >> > > > > >
> >> > > > > > > Is there a very secure way I can prevent access to or
> disable
> >> > > > /openejb
> >> > > > > > > application?
> >> > > > > > >
> >> > > > > > > Thanks in Advance :)
> >> > > > > > >
> >> > > > > > > Akila...
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > > --
> >> > > > > Thanks!
> >> > > > > Akila...
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> >
>
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
As I guessed, the official documentation on resolving the HTTP Status 403
says to delete it(http://openejb.apache.org/tomcat.html). Is there a way of
adding context.xml without getting 403?
Thanks a lot for helping me out!
On Oct 20, 2011 10:57 PM, "Ravindranath Akila" <ra...@gmail.com>
wrote:
> You are right. It's on my local instance but not on the tomcat instance on
> the server. I'm checking why!
> On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <rm...@gmail.com>
> wrote:
>
>> well META-INF/context.xml should work and should already be in
>> openejb.war.
>>
>> - Romain
>>
>>
>> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>>
>> > We use openejb.war by putting it in the Tomcat webapp folder - Tomcat
>> being
>> > an original fetched from Apache.
>> >
>> > I'm worried to go for TomEE since we've gone production. I'll try what
>> you
>> > suggest and let you know how it goes.
>> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
>> > jonathan.gallimore@gmail.com>
>> > wrote:
>> >
>> > > You beat me to it, I was going to make the same suggestion. Are you
>> using
>> > > our tomee-embedded module or are you hooking OpenEJB up to an Embedded
>> > > Tomcat in some other way? If you're hooking things up yourself, if you
>> > can
>> > > post a bit of code showing what you're doing that would be a big help.
>> > >
>> > > Let us know if adding the context.xml doesn't work, we'll try and work
>> > > something out for you.
>> > >
>> > > As for migrating to TomEE from how you're running at the moment - I
>> guess
>> > > that depends on your requirements. If you're not using our
>> tomee-embedded
>> > > module, it might be worth checking out. I've been playing around with
>> > > adding
>> > > that to a .war so you can execute a the war using TomEE just be doing
>> a
>> > > java
>> > > -jar myapp.war, kind of like how the jenkins (http://jenkins-ci.org/)
>> > war
>> > > file works. I should have that going tonight - I can definitely post
>> that
>> > > up
>> > > here if you're interested.
>> > >
>> > > Jon
>> > >
>> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
>> > > <rm...@gmail.com>wrote:
>> > >
>> > > > i think if you start tomee-embedded and add to classpath the
>> > context.xml
>> > > > file it should work, can you give it a try?
>> > > >
>> > > > - Romain
>> > > >
>> > > >
>> > > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>> > > >
>> > > > > We're using Tomcat Embedded mode. I don't find that file in the
>> given
>> > > > > directory.
>> > > > >
>> > > > > in CATALIBA_BASE/conf:
>> > > > >
>> > > > > Catalina catalina.policy catalina.properties context.xml
>> > > > > logging.properties openejb.xml server.xml server.xml.original
>> > > > > tomcat-users.xml web.xml
>> > > > >
>> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
>> > > > >
>> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
>> > > > > org.apache.openejb.tomcat
>> > > > >
>> > > > > are the files which I find.
>> > > > >
>> > > > > Do you think it is wise to port to TomEE ?
>> > > > >
>> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
>> > > > > jonathan.gallimore@gmail.com> wrote:
>> > > > >
>> > > > > > I think we restrict access by ip address to localhost by
>> default.
>> > > Check
>> > > > > out
>> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you
>> can
>> > > > edit
>> > > > > > that to meet your needs.
>> > > > > >
>> > > > > > By default the config in that file is:
>> > > > > >
>> > > > > > <Context>
>> > > > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
>> > > > > > </Context>
>> > > > > >
>> > > > > > There might be other valve you could add that might do what you
>> > want.
>> > > > > >
>> > > > > > Alternatively if you're using a HTTP server in front of
>> > Tomcat/TomEE
>> > > > you
>> > > > > > could use some URL rewriting to prevent access to the
>> application.
>> > > > > >
>> > > > > > Let us know if that's no good though, and we'll try and suggest
>> > > > something
>> > > > > > else.
>> > > > > >
>> > > > > > Jon
>> > > > > >
>> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
>> > > > > > ravindranathakila@gmail.com> wrote:
>> > > > > >
>> > > > > > > Is there a very secure way I can prevent access to or disable
>> > > > /openejb
>> > > > > > > application?
>> > > > > > >
>> > > > > > > Thanks in Advance :)
>> > > > > > >
>> > > > > > > Akila...
>> > > > > > >
>> > > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > > Thanks!
>> > > > > Akila...
>> > > > >
>> > > >
>> > >
>> >
>>
>
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
You are right. It's on my local instance but not on the tomcat instance on
the server. I'm checking why!
On Oct 20, 2011 8:49 PM, "Romain Manni-Bucau" <rm...@gmail.com> wrote:
> well META-INF/context.xml should work and should already be in openejb.war.
>
> - Romain
>
>
> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>
> > We use openejb.war by putting it in the Tomcat webapp folder - Tomcat
> being
> > an original fetched from Apache.
> >
> > I'm worried to go for TomEE since we've gone production. I'll try what
> you
> > suggest and let you know how it goes.
> > On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> > jonathan.gallimore@gmail.com>
> > wrote:
> >
> > > You beat me to it, I was going to make the same suggestion. Are you
> using
> > > our tomee-embedded module or are you hooking OpenEJB up to an Embedded
> > > Tomcat in some other way? If you're hooking things up yourself, if you
> > can
> > > post a bit of code showing what you're doing that would be a big help.
> > >
> > > Let us know if adding the context.xml doesn't work, we'll try and work
> > > something out for you.
> > >
> > > As for migrating to TomEE from how you're running at the moment - I
> guess
> > > that depends on your requirements. If you're not using our
> tomee-embedded
> > > module, it might be worth checking out. I've been playing around with
> > > adding
> > > that to a .war so you can execute a the war using TomEE just be doing a
> > > java
> > > -jar myapp.war, kind of like how the jenkins (http://jenkins-ci.org/)
> > war
> > > file works. I should have that going tonight - I can definitely post
> that
> > > up
> > > here if you're interested.
> > >
> > > Jon
> > >
> > > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> > > <rm...@gmail.com>wrote:
> > >
> > > > i think if you start tomee-embedded and add to classpath the
> > context.xml
> > > > file it should work, can you give it a try?
> > > >
> > > > - Romain
> > > >
> > > >
> > > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > > >
> > > > > We're using Tomcat Embedded mode. I don't find that file in the
> given
> > > > > directory.
> > > > >
> > > > > in CATALIBA_BASE/conf:
> > > > >
> > > > > Catalina catalina.policy catalina.properties context.xml
> > > > > logging.properties openejb.xml server.xml server.xml.original
> > > > > tomcat-users.xml web.xml
> > > > >
> > > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > > > >
> > > > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> > > > > org.apache.openejb.tomcat
> > > > >
> > > > > are the files which I find.
> > > > >
> > > > > Do you think it is wise to port to TomEE ?
> > > > >
> > > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > > > > jonathan.gallimore@gmail.com> wrote:
> > > > >
> > > > > > I think we restrict access by ip address to localhost by default.
> > > Check
> > > > > out
> > > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you
> can
> > > > edit
> > > > > > that to meet your needs.
> > > > > >
> > > > > > By default the config in that file is:
> > > > > >
> > > > > > <Context>
> > > > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> > > > > > </Context>
> > > > > >
> > > > > > There might be other valve you could add that might do what you
> > want.
> > > > > >
> > > > > > Alternatively if you're using a HTTP server in front of
> > Tomcat/TomEE
> > > > you
> > > > > > could use some URL rewriting to prevent access to the
> application.
> > > > > >
> > > > > > Let us know if that's no good though, and we'll try and suggest
> > > > something
> > > > > > else.
> > > > > >
> > > > > > Jon
> > > > > >
> > > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > > > > > ravindranathakila@gmail.com> wrote:
> > > > > >
> > > > > > > Is there a very secure way I can prevent access to or disable
> > > > /openejb
> > > > > > > application?
> > > > > > >
> > > > > > > Thanks in Advance :)
> > > > > > >
> > > > > > > Akila...
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Thanks!
> > > > > Akila...
> > > > >
> > > >
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Romain Manni-Bucau <rm...@gmail.com>.
well META-INF/context.xml should work and should already be in openejb.war.
- Romain
2011/10/20 Ravindranath Akila <ra...@gmail.com>
> We use openejb.war by putting it in the Tomcat webapp folder - Tomcat being
> an original fetched from Apache.
>
> I'm worried to go for TomEE since we've gone production. I'll try what you
> suggest and let you know how it goes.
> On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <
> jonathan.gallimore@gmail.com>
> wrote:
>
> > You beat me to it, I was going to make the same suggestion. Are you using
> > our tomee-embedded module or are you hooking OpenEJB up to an Embedded
> > Tomcat in some other way? If you're hooking things up yourself, if you
> can
> > post a bit of code showing what you're doing that would be a big help.
> >
> > Let us know if adding the context.xml doesn't work, we'll try and work
> > something out for you.
> >
> > As for migrating to TomEE from how you're running at the moment - I guess
> > that depends on your requirements. If you're not using our tomee-embedded
> > module, it might be worth checking out. I've been playing around with
> > adding
> > that to a .war so you can execute a the war using TomEE just be doing a
> > java
> > -jar myapp.war, kind of like how the jenkins (http://jenkins-ci.org/)
> war
> > file works. I should have that going tonight - I can definitely post that
> > up
> > here if you're interested.
> >
> > Jon
> >
> > On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> > <rm...@gmail.com>wrote:
> >
> > > i think if you start tomee-embedded and add to classpath the
> context.xml
> > > file it should work, can you give it a try?
> > >
> > > - Romain
> > >
> > >
> > > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> > >
> > > > We're using Tomcat Embedded mode. I don't find that file in the given
> > > > directory.
> > > >
> > > > in CATALIBA_BASE/conf:
> > > >
> > > > Catalina catalina.policy catalina.properties context.xml
> > > > logging.properties openejb.xml server.xml server.xml.original
> > > > tomcat-users.xml web.xml
> > > >
> > > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > > >
> > > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> > > > org.apache.openejb.tomcat
> > > >
> > > > are the files which I find.
> > > >
> > > > Do you think it is wise to port to TomEE ?
> > > >
> > > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > > > jonathan.gallimore@gmail.com> wrote:
> > > >
> > > > > I think we restrict access by ip address to localhost by default.
> > Check
> > > > out
> > > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you can
> > > edit
> > > > > that to meet your needs.
> > > > >
> > > > > By default the config in that file is:
> > > > >
> > > > > <Context>
> > > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> > > > > </Context>
> > > > >
> > > > > There might be other valve you could add that might do what you
> want.
> > > > >
> > > > > Alternatively if you're using a HTTP server in front of
> Tomcat/TomEE
> > > you
> > > > > could use some URL rewriting to prevent access to the application.
> > > > >
> > > > > Let us know if that's no good though, and we'll try and suggest
> > > something
> > > > > else.
> > > > >
> > > > > Jon
> > > > >
> > > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > > > > ravindranathakila@gmail.com> wrote:
> > > > >
> > > > > > Is there a very secure way I can prevent access to or disable
> > > /openejb
> > > > > > application?
> > > > > >
> > > > > > Thanks in Advance :)
> > > > > >
> > > > > > Akila...
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Thanks!
> > > > Akila...
> > > >
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
We use openejb.war by putting it in the Tomcat webapp folder - Tomcat being
an original fetched from Apache.
I'm worried to go for TomEE since we've gone production. I'll try what you
suggest and let you know how it goes.
On Oct 20, 2011 4:33 PM, "Jonathan Gallimore" <jo...@gmail.com>
wrote:
> You beat me to it, I was going to make the same suggestion. Are you using
> our tomee-embedded module or are you hooking OpenEJB up to an Embedded
> Tomcat in some other way? If you're hooking things up yourself, if you can
> post a bit of code showing what you're doing that would be a big help.
>
> Let us know if adding the context.xml doesn't work, we'll try and work
> something out for you.
>
> As for migrating to TomEE from how you're running at the moment - I guess
> that depends on your requirements. If you're not using our tomee-embedded
> module, it might be worth checking out. I've been playing around with
> adding
> that to a .war so you can execute a the war using TomEE just be doing a
> java
> -jar myapp.war, kind of like how the jenkins (http://jenkins-ci.org/) war
> file works. I should have that going tonight - I can definitely post that
> up
> here if you're interested.
>
> Jon
>
> On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
> <rm...@gmail.com>wrote:
>
> > i think if you start tomee-embedded and add to classpath the context.xml
> > file it should work, can you give it a try?
> >
> > - Romain
> >
> >
> > 2011/10/20 Ravindranath Akila <ra...@gmail.com>
> >
> > > We're using Tomcat Embedded mode. I don't find that file in the given
> > > directory.
> > >
> > > in CATALIBA_BASE/conf:
> > >
> > > Catalina catalina.policy catalina.properties context.xml
> > > logging.properties openejb.xml server.xml server.xml.original
> > > tomcat-users.xml web.xml
> > >
> > > in $CATALINA_BASE/webapps/openejb/META-INF/
> > >
> > > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> > > org.apache.openejb.tomcat
> > >
> > > are the files which I find.
> > >
> > > Do you think it is wise to port to TomEE ?
> > >
> > > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > > jonathan.gallimore@gmail.com> wrote:
> > >
> > > > I think we restrict access by ip address to localhost by default.
> Check
> > > out
> > > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you can
> > edit
> > > > that to meet your needs.
> > > >
> > > > By default the config in that file is:
> > > >
> > > > <Context>
> > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> > > > </Context>
> > > >
> > > > There might be other valve you could add that might do what you want.
> > > >
> > > > Alternatively if you're using a HTTP server in front of Tomcat/TomEE
> > you
> > > > could use some URL rewriting to prevent access to the application.
> > > >
> > > > Let us know if that's no good though, and we'll try and suggest
> > something
> > > > else.
> > > >
> > > > Jon
> > > >
> > > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > > > ravindranathakila@gmail.com> wrote:
> > > >
> > > > > Is there a very secure way I can prevent access to or disable
> > /openejb
> > > > > application?
> > > > >
> > > > > Thanks in Advance :)
> > > > >
> > > > > Akila...
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Thanks!
> > > Akila...
> > >
> >
>
Re: Preventing Access To /openejb
Posted by Jonathan Gallimore <jo...@gmail.com>.
You beat me to it, I was going to make the same suggestion. Are you using
our tomee-embedded module or are you hooking OpenEJB up to an Embedded
Tomcat in some other way? If you're hooking things up yourself, if you can
post a bit of code showing what you're doing that would be a big help.
Let us know if adding the context.xml doesn't work, we'll try and work
something out for you.
As for migrating to TomEE from how you're running at the moment - I guess
that depends on your requirements. If you're not using our tomee-embedded
module, it might be worth checking out. I've been playing around with adding
that to a .war so you can execute a the war using TomEE just be doing a java
-jar myapp.war, kind of like how the jenkins (http://jenkins-ci.org/) war
file works. I should have that going tonight - I can definitely post that up
here if you're interested.
Jon
On Thu, Oct 20, 2011 at 11:06 AM, Romain Manni-Bucau
<rm...@gmail.com>wrote:
> i think if you start tomee-embedded and add to classpath the context.xml
> file it should work, can you give it a try?
>
> - Romain
>
>
> 2011/10/20 Ravindranath Akila <ra...@gmail.com>
>
> > We're using Tomcat Embedded mode. I don't find that file in the given
> > directory.
> >
> > in CATALIBA_BASE/conf:
> >
> > Catalina catalina.policy catalina.properties context.xml
> > logging.properties openejb.xml server.xml server.xml.original
> > tomcat-users.xml web.xml
> >
> > in $CATALINA_BASE/webapps/openejb/META-INF/
> >
> > DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> > org.apache.openejb.tomcat
> >
> > are the files which I find.
> >
> > Do you think it is wise to port to TomEE ?
> >
> > On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> > jonathan.gallimore@gmail.com> wrote:
> >
> > > I think we restrict access by ip address to localhost by default. Check
> > out
> > > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you can
> edit
> > > that to meet your needs.
> > >
> > > By default the config in that file is:
> > >
> > > <Context>
> > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> > > </Context>
> > >
> > > There might be other valve you could add that might do what you want.
> > >
> > > Alternatively if you're using a HTTP server in front of Tomcat/TomEE
> you
> > > could use some URL rewriting to prevent access to the application.
> > >
> > > Let us know if that's no good though, and we'll try and suggest
> something
> > > else.
> > >
> > > Jon
> > >
> > > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > > ravindranathakila@gmail.com> wrote:
> > >
> > > > Is there a very secure way I can prevent access to or disable
> /openejb
> > > > application?
> > > >
> > > > Thanks in Advance :)
> > > >
> > > > Akila...
> > > >
> > >
> >
> >
> >
> > --
> > Thanks!
> > Akila...
> >
>
Re: Preventing Access To /openejb
Posted by Romain Manni-Bucau <rm...@gmail.com>.
i think if you start tomee-embedded and add to classpath the context.xml
file it should work, can you give it a try?
- Romain
2011/10/20 Ravindranath Akila <ra...@gmail.com>
> We're using Tomcat Embedded mode. I don't find that file in the given
> directory.
>
> in CATALIBA_BASE/conf:
>
> Catalina catalina.policy catalina.properties context.xml
> logging.properties openejb.xml server.xml server.xml.original
> tomcat-users.xml web.xml
>
> in $CATALINA_BASE/webapps/openejb/META-INF/
>
> DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
> org.apache.openejb.tomcat
>
> are the files which I find.
>
> Do you think it is wise to port to TomEE ?
>
> On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
> jonathan.gallimore@gmail.com> wrote:
>
> > I think we restrict access by ip address to localhost by default. Check
> out
> > $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you can edit
> > that to meet your needs.
> >
> > By default the config in that file is:
> >
> > <Context>
> > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> > </Context>
> >
> > There might be other valve you could add that might do what you want.
> >
> > Alternatively if you're using a HTTP server in front of Tomcat/TomEE you
> > could use some URL rewriting to prevent access to the application.
> >
> > Let us know if that's no good though, and we'll try and suggest something
> > else.
> >
> > Jon
> >
> > On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> > ravindranathakila@gmail.com> wrote:
> >
> > > Is there a very secure way I can prevent access to or disable /openejb
> > > application?
> > >
> > > Thanks in Advance :)
> > >
> > > Akila...
> > >
> >
>
>
>
> --
> Thanks!
> Akila...
>
Re: Preventing Access To /openejb
Posted by Ravindranath Akila <ra...@gmail.com>.
We're using Tomcat Embedded mode. I don't find that file in the given
directory.
in CATALIBA_BASE/conf:
Catalina catalina.policy catalina.properties context.xml
logging.properties openejb.xml server.xml server.xml.original
tomcat-users.xml web.xml
in $CATALINA_BASE/webapps/openejb/META-INF/
DEPENDENCIES MANIFEST.MF dependencies.txt dependencies.xml
org.apache.openejb.tomcat
are the files which I find.
Do you think it is wise to port to TomEE ?
On Thu, Oct 20, 2011 at 2:59 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:
> I think we restrict access by ip address to localhost by default. Check out
> $CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you can edit
> that to meet your needs.
>
> By default the config in that file is:
>
> <Context>
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
> </Context>
>
> There might be other valve you could add that might do what you want.
>
> Alternatively if you're using a HTTP server in front of Tomcat/TomEE you
> could use some URL rewriting to prevent access to the application.
>
> Let us know if that's no good though, and we'll try and suggest something
> else.
>
> Jon
>
> On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
> ravindranathakila@gmail.com> wrote:
>
> > Is there a very secure way I can prevent access to or disable /openejb
> > application?
> >
> > Thanks in Advance :)
> >
> > Akila...
> >
>
--
Thanks!
Akila...
Re: Preventing Access To /openejb
Posted by Jonathan Gallimore <jo...@gmail.com>.
I think we restrict access by ip address to localhost by default. Check out
$CATALINA_BASE/webapps/openejb/META-INF/context.xml - maybe you can edit
that to meet your needs.
By default the config in that file is:
<Context>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
</Context>
There might be other valve you could add that might do what you want.
Alternatively if you're using a HTTP server in front of Tomcat/TomEE you
could use some URL rewriting to prevent access to the application.
Let us know if that's no good though, and we'll try and suggest something
else.
Jon
On Thu, Oct 20, 2011 at 10:19 AM, Ravindranath Akila <
ravindranathakila@gmail.com> wrote:
> Is there a very secure way I can prevent access to or disable /openejb
> application?
>
> Thanks in Advance :)
>
> Akila...
>