3 Replies Latest reply on Jun 20, 2005 1:00 PM by Scott Stark

    RemoteAddrValve to protect core apps?

    teej Newbie

      I'm looking for instructions on how to use RemoteAddrValve to protect web applications at the context level.

      Using JBoss 4.0.2 with two HTTP connectors: one LAN, one Internet.

      10.254.251.20:9006 & a.b.c.d:80

      I want to allow access to the web-console, jmx, etc., and a custom admin console web-app from the LAN (remote-address will be 10.254.*) but disable it for Internet remote clients.

      I've looked at Wiki articles and the Admin docs; they talk about it being possible at the Tomcat container level and simply link to Tomcat docs.

      http://wiki.jboss.org/wiki/Wiki.jsp?page=LimitAccessToCertainClients

      Following the instructions in those docs to create a per-context XML configuration hasn't met with success so far.

      I tried adding a context.xml to jboss/server/all/work/localhost/web-console/


      <Valve className="org.apache.catalina.valves.RemoteHostValve" allow="10.254.*.*" deny="*" />


      But it doesn't seem to be used.

        • 1. Re: RemoteAddrValve to protect core apps?
          teej Newbie

          Of course I meant to write

          <Context path="/web-console" docBase="D:\Server\jboss\server\all\deploy\management\console-mgr.sar\web-console.war" debug="1" privileged="true" >
           <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="10.254.*.*" deny="" />
          </Context>
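How attribute values like the ones in these posts are evaluated, as an added example that is not part of the original thread: Tomcat 5.5 documents `allow` and `deny` as comma-separated regular expressions, so this Python model compares the thread's pattern with an escaped one and checks whether `*` parses. The function names, the deny-before-allow ordering as modelled here, and the stricter pattern are assumptions of the example.

```python
import re

def compile_list(attr):
    """Compile a comma-separated allow/deny attribute into regex objects."""
    return [re.compile(p.strip()) for p in (attr or "").split(",") if p.strip()]

def is_valid(attr):
    """True when every pattern in the attribute is a well-formed regex."""
    try:
        compile_list(attr)
        return True
    except re.error:
        return False

def permits(remote_addr, allow="", deny=""):
    """Model of the filter decision: deny list first, then allow list."""
    allows, denies = compile_list(allow), compile_list(deny)
    if any(p.fullmatch(remote_addr) for p in denies):
        return False
    if any(p.fullmatch(remote_addr) for p in allows):
        return True
    # With only deny patterns configured, anything not denied passes.
    return bool(denies) and not allows

THREAD_ALLOW = "10.254.*.*"            # value used in the posts
STRICT_ALLOW = r"10\.254\.\d+\.\d+"    # assumed tighter form with literal dots

def compare(candidates):
    """Return (value, loose_result, strict_result) for each candidate string."""
    return [(c, permits(c, allow=THREAD_ALLOW), permits(c, allow=STRICT_ALLOW))
            for c in candidates]

if __name__ == "__main__":
    # Constructed inputs: a LAN address, a documentation-range address,
    # and a non-address string that only the unescaped pattern accepts.
    for row in compare(["10.254.251.20", "192.0.2.10", "10x254x1x1"]):
        print(row)
    print('deny="*" is a valid regex:', is_valid("*"))
```

An unescaped `.` matches any character, which matters most when the same pattern style is reused with RemoteHostValve, where the compared value is a host name rather than a socket address.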


          • 2. Re: RemoteAddrValve to protect core apps?
            teej Newbie

            I eventually found a location that gets read, by monitoring the file-system for "FILE NOT FOUND" using Sysinternals' File Monitor.

            Placing context.xml in the web-console.war/WEB-INF/ folder creates the Valve.

            <Context debug="1" privileged="true" >
             <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="10.254.*.*" />
            </Context>

            Unfortunately, it creates TWO Valves!

            During deployment the same context.xml is being read twice, about 2-3 seconds apart, and a duplicate RemoteAddrValve is reported. I can't understand why context.xml is read again :-S

            Can anyone tell me if this is a bug?

            2005-06-17 05:00:33,847 DEBUG [org.jboss.web.tomcat.tc5.TomcatDeployer] Using session cookies default setting
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=JaccContextValve,path=/web-console,host=localhost
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=RemoteAddrValve,path=/web-console,host=localhost
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=StandardContextValve,path=/web-console,host=localhost
            2005-06-17 05:00:34,394 DEBUG [org.jboss.web.tomcat.filters.ReplyHeaderFilter] Adding header name: X-Powered-By='Servlet 2.4; JBoss-4.0.2 (build: CVSTag=JBoss_4_0_2 date=200505022023)/Tomcat-5.5'
            2005-06-17 05:00:36,331 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:36,346 DEBUG [org.apache.catalina.valves.ValveBase] Duplicate org.apache.catalina.valves.RemoteAddrValve@c9f93f org.apache.catalina.valves.RemoteAddrValve@aad0b StandardEngine[jboss.web].StandardHost[localhost].StandardContext[/web-console]
            2005-06-17 05:00:36,346 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=RemoteAddrValve,seq=1,path=/web-console,host=localhost
            2005-06-17 05:00:36,362 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:36,362 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=SecurityAssociationValve,path=/web-console,host=localhost
            2005-06-17 05:00:36,378 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:36,378 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=CustomPrincipalValve,path=/web-console,host=localhost
            2005-06-17 05:00:36,378 DEBUG [org.jboss.web.tomcat.tc5.TomcatDeployer] Initialized: {WebApplication: /D:/Server/jboss/server/all/deploy/management/console-mgr.sar/web-console.war/, URL: file:/D:/Server/jboss/server/all/deploy/management/console-mgr.sar/web-console.war/, classLoader: java.net.FactoryURLClassLoader@81b83c:8501308} jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
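A deployment-log check for the situation in this post, as an added example that is not part of the original thread: it counts the `valve objectname` lines per context to confirm that each admin context received the access valve exactly once. The sample log is constructed in the shape of the lines above, and the `/jmx-console` entries and function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the ValveBase DEBUG lines quoted above;
# the /jmx-console entries are assumptions added for illustration.
_P = ("2005-06-17 05:00:36,346 DEBUG [org.apache.catalina.valves.ValveBase] "
      "valve objectname = jboss.web:type=Valve,")
SAMPLE_LOG = "\n".join([
    _P + "name=JaccContextValve,path=/web-console,host=localhost",
    _P + "name=RemoteAddrValve,path=/web-console,host=localhost",
    _P + "name=RemoteAddrValve,seq=1,path=/web-console,host=localhost",
    _P + "name=JaccContextValve,path=/jmx-console,host=localhost",
    _P + "name=StandardContextValve,path=/jmx-console,host=localhost",
])

# seq=N is optional: it appears only on repeated registrations of a valve.
OBJECTNAME = re.compile(
    r"valve objectname = jboss\.web:type=Valve,name=(?P<name>[^,]+),"
    r"(?:seq=(?P<seq>\d+),)?path=(?P<path>[^,]+),host=(?P<host>\S+)")

def valves_by_context(log_text):
    """Map each context path to a Counter of the valve names registered on it."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        m = OBJECTNAME.search(line)
        if m:
            seen[m["path"]][m["name"]] += 1
    return seen

def audit(log_text, valve, contexts):
    """Report, per context, whether `valve` is missing, present once, or duplicated."""
    seen = valves_by_context(log_text)
    report = {}
    for path in contexts:
        count = seen.get(path, Counter())[valve]
        if count == 0:
            report[path] = "missing"
        elif count == 1:
            report[path] = "ok"
        else:
            report[path] = "duplicate x%d" % count
    return report

if __name__ == "__main__":
    for path, status in audit(SAMPLE_LOG, "RemoteAddrValve",
                              ["/web-console", "/jmx-console"]).items():
        print(path, status)
```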
            


            • 3. Re: RemoteAddrValve to protect core apps?
              Scott Stark Master

              Create a bug report so someone can look into it:
              http://jira.jboss.com/jira/browse/JBAS