We are currently using Tomcat 4.1.12. We are doing virtual hosting
and install the /manager for each virt host. It all looks something
like :
<Host name="www.abc.com" debug="0" appBase="/pub/users/abc/www" unpackWARs="true"
autoDeploy="true">
<Logger className="org.apache.catalina.logger.FileLogger" prefix="abc_log."
suffix=".txt" verbosity="4" timestamp="true"/>
<Context path="/manager" docBase="/usr/local/etc/tomcat/server/webapps/manager"
debug="1" reloadable="true" crossContext="true" privileged="true">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="abc-manager_log." suffix=".txt" verbosity="4" timestamp="true"/>
</Context>
</Host>
<Host name="www.xyz.com" debug="0" appBase="/pub/users/xyz/www" unpackWARs="true"
autoDeploy="true">
<Logger className="org.apache.catalina.logger.FileLogger" prefix="xyz_log."
suffix=".txt" verbosity="4" timestamp="true"/>
<Context path="/manager" docBase="/usr/local/etc/tomcat/server/webapps/manager"
debug="1" reloadable="true" crossContext="true" privileged="true">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="xyz-manager_log." suffix=".txt" verbosity="4" timestamp="true"/>
</Context>
</Host>
We are using the JDBC realm to authenticate users through mysql and
this is working well. The problem is that there does not seem to be a
way to limit a user to a particular virtual host. I have looked
through the documentation and there is a Valve to restict based on IP
address or hostname, but nothing to restict based on the username.
ie - www.abc.com/manager/html/list authenticates with abc/123
www.xyz.com/manager/html/list authenticates with xyz/987
but user xyz can also get into www.abc.com/manager/html/list
and user abc can also get into www.xyz.com/manager/html/list
The way I have solved this is to make a copy of the default manager
WAR - ie manager-abc, manager-xyz and point the Context to this unique
WAR. Within the web.xml file for this manager WAR, I change
both instances of <role-name>manager</role-name> to a unique
role for this user. ie :
manager-abc/WEB-INF/web.xml contains <role-name>manager-abc</role-name>
manager-xyz/WEB-INF/web.xml contains <role-name>manager-xyz</role-name>
In the user_roles mysql table, I use this new role instead of
manager. This seems to work OK and keeps user xyz out of abc's
/manager, but this seems like an awful hack. Is there a better
(easier) way of doing this?
--
John
___________________________________________________________________
John Murtari Software Workshop Inc.
[EMAIL PROTECTED] 315.695.1301(x-211) "TheBook.Com" (TM)
http://www.thebook.com/
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
