Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Securing the Web Service Request  RSS feed

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I have web service deployed on Apache Tomcat server on windows Server.
Is it possible to restrict the access by web application in tomcat.
For example:
app1:-Webservice1
app2:-transcation

I want to restrict the app1 to accept request from on specific IP address

app2 to global

I am able to restrict the specific IP address the process the request from server.xml in tomcat .

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="10\.0\.0\.0" />

How can I do by Context. Please help

Thanks
Padma


 
Bartender
Posts: 4002
42
Chrome Fedora Hibernate
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Did you try defining a separate context and apply the Valve configuration [1]?
 
Saloon Keeper
Posts: 18800
74
Android Eclipse IDE Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Padma!

Using a different IP address is no real security. If an unfriendly person can get to any IP address, that address can be attacked. J2EE defines a true security system and I suggest studying that.

If you actually have a practical need for different virtual hosts at different IP addresses, you have to have a deeper understanding of how Tomcat is assembled from its components. Tomcat's primary elements are Servers, Hosts, and Engines. Connector elements define which IP address(es) a given host will listen to and thus process.

In practice, any site that is complex enough to need multiple virtual hosts often needs to be able to present both J2EE and non-J2EE webapps (such as PHP or Django) and a better solution is to define them all to a front-end server such as Apache. Apache can then tunnel the JEE-specific requests to one or more Tomcat server/app combinations. Apache is also more secure as a web-facing system since it doesn't require elevated privileges to listen to standard ports 80 and 8443 the way Tomcat does.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!