-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Analía,
On 12/14/13, 1:27 PM, ANALIA DE PEDRO SANTAMARIA wrote: > I'm developing a permission system in Tomcat and I would like to > restrict incoming connections per application. I mean, I want to > restrict incoming connections in some applications and permit them > in others. So you want one application to disallow all connections, but others can receive incoming requests? Why not just un-deploy the application you don't want to be accessible? > I have tried to do it with the Security Manager (SocketPermission), > but it doesn't restrict all incoming connections. Really? You must have done it incorrectly, because disabling SocketPermission should have prevented Tomcat from binding to the port in the first place. No connection would be possible at all. Note that you need to enable a SecurityManager in order to use SockerPermission, and that Tomcat's default security configuration is to allow the appropriate SocketPermissions, so you'd have to seriously damage your Tomcat installation in order to do that. I don't recommend it. > And also I have tried with RemoteAddrValve and RemoteHostValve > (<Context>) but it restricts all connections, not only the > incoming ones. What other kinds of connections are there, other than incoming ones? > I have been searching other way to do that but I couldn't find > anything. You haven't really described what you want to accomplish. "Restrict incoming connections per application" could mean a range of things. Do you want to prohibit certain connections (e.g. non-localhost), throttle connection rates, or require authentication for certain applications? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSrMB1AAoJEBzwKT+lPKRY8qUQAMt/05HhUrsM85yftbothYpP +ldnboUFOvvbwQ2zgd8N0Cv2WAcdNtHmvPoM/0gPC3zdvK0YClN1ojsKyGi6N7P4 eua18+A8z926xIDfx9OseQkiLlnHuK7JTcJHDeDCPQFYuV+qyTksHUWOrzXBNeXv munO0myFGafTwXHInx2Jx/nKpjQncn6Tt6yFftbDdIpA65dwd4TfmmVh2IHzIEfL IPRVy9E1AB++HeH7MUhfptqONlmZ8iRC5+sauQCd9W/BjK+D9K+6AWi/TLl2N1Ek GlphJesttrtbkaoGzUw69ow5mxYZCAdHjRBgHK+doh3IoWfoDdPlpIP0nLWcv+dA PRbXzcpazzV7F9FsekpGJM1sC1fKnPG/C6t3WC1Lb3LHYo5TBPRRA2xUUig7LRk5 g4lCL8h9dVBHwJtKLrmD5+z1wWLgs6J5Bty2lTZU05+zPQ54XNzk4O/He39UJmTn ACWi3xqr51Tx9E8oD9t3BlcjUxzbskFk3FhozVLG+zOSjxJVzspB3+8n7kZzciW5 0VTCFkX9/AGEW7TdYDp4MusSYYfZNkZuxN2/XQo5TnwPJjrvaW0dz56cMURWFaKO PTGgcXg1yLU4Qb4P6EdOxLcLv6dC3mF37X7fO5VGMOvg8rcPvbR8blF+zgmFimcT kiAUjXjwF8VrUPc8EFft =/585 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org