In our production we want a Sun One Web Server 6.1 and JBoss App Server combination. Almost everything is done.
But I have one problem which I want to discuss.
Basically, I have enabled Single Sign On for the web server, and the app server is connected through the web server. The problem is that if I know the IP and port on which the app server is running, I am able to connect directly to the app server. I don't want that. Only requests that come from the web server (Sun One 6.1) should have access to the app server, so nobody is able to connect directly to the app server.
I have set up a valve in server.xml and allowed only certain IPs, but this picks up the client IP (users who access it through the internet are obviously not allowed with this configuration). But I want those users also to be able to connect from the internet; the only restriction is that the request should come from the web server only.
I have used `className="org.apache.catalina.valves.RemoteAddrValve"`. I think I have to provide a different valve value than "RemoteAddrValve".
We have 3 machines (load balancing) for the web server, so we want only 3 IPs to be allowed by Tomcat.
Any experts? I am sure there is someone who has done this. Please let me know the solution.
Your suggestion would be appreciated.