You can declare valves in deploy/jbossweb-tomcat55.sar/server.xml within the host section (should apply to all contexts for that host).
If the valve must be within a context, then try deploy/jbossweb-tomcat55.sar/context.xml.
Thanks Andy, but your recommendation runs contrary to the Tomcat documentation. Please see the following page:
I've also tried dropping 'context.xml' into different directories including the one you recommend but it still doesn't seem to work.
So I question myself:
1) Is the content of my 'context.xml' file correct (e.g., all that's in there is a single description, nothing else)?
2) Does this feature even work?
3) In the case of a JBoss embedded Tomcat, where is CATALINA_HOME and is this variable even needed?
The documentation is somewhat vague about the way the valve is configured, and the JBoss documentation specifically says as much.
I'm not suggesting you place context elements in server.xml. Follow the example at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/host.html to add the valve at the host level.
This way, you don't need to mess with context.xml at all.
In server.xml, you would have something like this:
<Server>
  ...
  <Engine ...>
    ...
    <Host ...>
      ...
      <Valve className="org.apache.catalina.valves.RemoteHostValve"
             allow="*.mycompany.com,www.yourcompany.com"/>
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             deny="192.168.1.*"/>
      ...
    </Host>
  </Engine>
</Server>
These valves are defined in the Host section, not within Context. The docs claim this is allowed.
So maybe we're not discussing the valve at the same level. I need to leave some app open to the world and secure others. The docs describe doing this using a context. I have tried everything the docs have suggested and I come to the conclusion that: 1) the docs are wrong or intentionally ambiguous, or 2) request valves do not work for the scope of a context.
"Please note that for tomcat 5.x, unlike tomcat 4.x, it is NOT recommended to place <Context> elements directly in the server.xml file. Instead, put them in the META-INF/context.xml directory of your WAR file or the conf directory as described above."
... and while describing a request valve ...
<Context path="/examples" ...>
Now I'm confused.
I'm having some trouble getting RemoteAddrValve/RemoteHostValve working at the host level.
Please don't tell me in WEB-INF of each of the protected resources. This is supposed to be a host level deal;
If you want to protect different contexts differently, then it sounds like you will need to create a context.xml for each webapp and place it in WEB-INF. Can you post your context.xml files?
Ouch. My bad. In my original post I should have written "context" and not "host". Sorry for the confusion.
The context file I've been using to test/prove is very simple. Its contents are (IPs and names changed to protect the innocent):
<context path="/bob/admin">
  <valve classname="org.apache.catalina.valves.RemoteAddrValve" deny="130.107.xxx.xxx"/>
  <valve classname="org.apache.catalina.valves.RemoteHostValve" deny="bluefish.bob.com"/>
</context>
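A check of the element and attribute names in a context.xml, run over the file as it appears in the post above. This is an added example, not code from the thread or from Tomcat or JBoss. XML names are case-sensitive and Tomcat's spellings are `Context`, `Valve` and `className`; the function name `lint_context_xml` and the `FIXED` sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Spellings Tomcat expects. XML names are case-sensitive, so <valve> or
# classname= is not the same name as <Valve> or className=.
ELEMENTS = {"context": "Context", "valve": "Valve"}
VALVE_ATTRS = {"classname": "className", "allow": "allow", "deny": "deny"}

def lint_context_xml(text):
    """Return a list of findings for one context.xml document."""
    root = ET.fromstring(text)
    findings = []
    if root.tag.lower() != "context":
        findings.append(f"root is <{root.tag}>, expected <Context>")
    for el in root.iter():
        expected = ELEMENTS.get(el.tag.lower())
        if expected and el.tag != expected:
            findings.append(f"<{el.tag}> should be <{expected}>")
        if expected != "Valve":
            continue
        for name in el.attrib:
            want = VALVE_ATTRS.get(name.lower())
            if want and name != want:
                findings.append(f"attribute '{name}' should be '{want}'")
        lowered = {name.lower() for name in el.attrib}
        if "classname" not in lowered:
            findings.append("valve has no className attribute")
        if not lowered & {"allow", "deny"}:
            findings.append("valve has neither allow nor deny")
    return findings

# The file as it appears in the post above (addresses already masked there).
POSTED = """<context path="/bob/admin">
  <valve classname="org.apache.catalina.valves.RemoteAddrValve" deny="130.107.xxx.xxx"/>
  <valve classname="org.apache.catalina.valves.RemoteHostValve" deny="bluefish.bob.com"/>
</context>"""

# Constructed sample: the same file with names in Tomcat's spelling.
FIXED = """<Context path="/bob/admin">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="130.107.xxx.xxx"/>
  <Valve className="org.apache.catalina.valves.RemoteHostValve" deny="bluefish.bob.com"/>
</Context>"""

if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_context_xml(doc) or "no findings")
```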