1. Re: RemoteAddrValve Problems
anguyen Sep 1, 2005 10:20 PM (in response to kkleist)
You can declare valves in deploy/jbossweb-tomcat55.sar/server.xml within the host section (should apply to all contexts for that host).
If the valve must be within a context, then try deploy/jbossweb-tomcat55.sar/context.xml.
2. Re: RemoteAddrValve Problems
kkleist Sep 6, 2005 3:26 PM (in response to kkleist)
Thanks Andy, but your recommendation runs contrary to the Tomcat documentation. Please see the following page:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html
I've also tried dropping 'context.xml' into different directories including the one you recommend but it still doesn't seem to work.
So I question myself:
1) Is the content of my 'context.xml' file correct (e.g., all that's in there is a single description, nothing else)?
2) Does this feature even work?
3) In the case of a JBoss embedded Tomcat, where is CATALINA_HOME and is this variable even needed?
The documentation is somewhat vague about the way the valve is configured, and the JBoss documentation specifically says as much.
//Kurt
3. Re: RemoteAddrValve Problems
anguyen Sep 6, 2005 3:42 PM (in response to kkleist)
I'm not suggesting you place context elements in server.xml. Follow the example at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/host.html to add the valve at the host level.
This way, you don't need to mess with context.xml at all.
In server.xml, you would have something like this:
    <Server>
      ...
      <Engine ...>
        ...
        <Host ...>
          ...
          <Valve className="org.apache.catalina.valves.RemoteHostValve" allow="*.mycompany.com,www.yourcompany.com"/>
          <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="192.168.1.*"/>
          ...
        </Host>
      </Engine>
    </Server>
These valves are defined in the Host section, not within Context. The docs claim this is allowed.
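How a RemoteAddrValve `deny` value such as the one in the snippet above is evaluated, as an added example that is not part of the original thread and is not Tomcat's code: a Python model that assumes the Tomcat 5.5 behaviour of comma-separated regular expressions matched against the whole address, with deny checked before allow. The sample addresses and the helper names are constructed for illustration.

```python
import re

def compile_list(spec):
    """Split a comma-separated allow/deny attribute into compiled regexes."""
    if not spec:
        return []
    return [re.compile(p.strip()) for p in spec.split(",") if p.strip()]

def is_allowed(addr, allow=None, deny=None):
    """Model of the valve decision (assumed Tomcat 5.5 order): deny first, then allow."""
    allows, denies = compile_list(allow), compile_list(deny)
    # 1. Any deny pattern matching the whole address rejects the request (403).
    if any(p.fullmatch(addr) for p in denies):
        return False
    # 2. Any allow pattern matching the whole address accepts it.
    if any(p.fullmatch(addr) for p in allows):
        return True
    # 3. Deny-only configuration: everything not denied passes.
    #    Otherwise (allow list present but unmatched, or nothing configured): reject.
    return bool(denies) and not allows

def overmatched(pattern, intended_prefix, candidates):
    """Addresses the pattern matches although they lie outside the intended prefix."""
    rx = re.compile(pattern)
    return [a for a in candidates
            if rx.fullmatch(a) and not a.startswith(intended_prefix)]

# Constructed sample addresses, not taken from the thread.
SAMPLES = ["192.168.1.7", "192.168.10.7", "192.168.100.9", "10.0.0.5"]

if __name__ == "__main__":
    # Unescaped dots match any character, so "1.*" also covers .10.x and .100.x.
    for deny in ("192.168.1.*", r"192\.168\.1\.\d+"):
        print(deny, {a: is_allowed(a, deny=deny) for a in SAMPLES})
    print("over-matched:", overmatched("192.168.1.*", "192.168.1.", SAMPLES))
```

In a `deny` list the over-match only blocks more than intended; the same unescaped pattern in an `allow` list admits addresses outside the intended range.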
4. Re: RemoteAddrValve Problems
kkleist Sep 6, 2005 3:59 PM (in response to kkleist)
So maybe we're not discussing the valve at the same level. I need to leave some apps open to the world and secure others. The docs describe doing this using a context. I have tried everything the docs have suggested and I come to the conclusion that: 1) the docs are wrong or intentionally ambiguous, or 2) request valves do not work for the scope of a context.
"Please note that for tomcat 5.x, unlike tomcat 4.x, it is NOT recommended to place elements directly in the server.xml file. Instead, put them in the META-INF/context.xml directory of your WAR file or the conf directory as described above. "
... and while describing a request valve ...
<Context path="/examples" ...>
...
...
//Kurt
5. Re: RemoteAddrValve Problems
anguyen Sep 6, 2005 4:25 PM (in response to kkleist)
Now I'm confused.
I'm having some trouble getting RemoteAddrValve/RemoteHostValve working at the host level.
Please don't tell me in WEB-INF of each of the protected resources. This is supposed to be a host level deal;
If you want to protect different contexts differently, then it sounds like you will need to create a context.xml for each webapp and place it in WEB-INF. Can you post your context.xml files?
6. Re: RemoteAddrValve Problems
kkleist Sep 6, 2005 6:00 PM (in response to kkleist)
Ouch. My bad. In my original post I should have written "context" and not "host". Sorry for the confusion.
The context file I've been using to test/prove is very simple. Its contents are (IPs and names changed to protect the innocent):
    <context path="/bob/admin">
      <valve classname="org.apache.catalina.valves.RemoteAddrValve" deny="130.107.xxx.xxx"/>
      <valve classname="org.apache.catalina.valves.RemoteHostValve" deny="bluefish.bob.com"/>
    </context>