-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Yuval,
On 9/7/16 4:03 AM, Yuval Schwartz wrote:
> Hello,
>
> Tomcat: 8.0.22 Java: jdk1.8.0_05
>
> I recently restricted access to my Tomcat Manager App by: 1)
> Changing the name of the manager app. 2) Block access to the
> manager app by IP address.
>
> I did the following: A) Stopped Tomcat B) Simply renamed the
> manager app in $CATALINA_BASE/webapps by executing the linux
> command "mv manager somename". C) Adding a file to the path
> $CATALINA_BASE/conf/Catalina/[hostname] named "somename.xml" which
> contained the following context element to restrict access to the
> manager app:
>
> <Context path="/somename" privileged = "true"> <Valve
> className="org.apache.catalina.valves.RemoteAddrValve"
> allow="[myIP]"/> </Context>
Don't put a "path" in the <Context>. The filename is already
manager.xml, so Tomcat knows it should be deployed as /manager
Step (B) should have been sufficient. You can modify the
META-INF/context.xml that comes with the manager if you want. Or, even
better, use a separate CATALINA_BASE and your own custom
CATALINA_BASE/conf/Catalina/localhost/manager.xml that points to the
manager application in ${catalina.home}/webapps/manager.
We do this with our ant-based deployment scripts: copy the stock
manager's context.xml file, transform it with an XSLT that sets the
docBase and inserts the RemoteAddrValve and Realm we want, and drop
that file into CATALINA_BASE/conf/[engine]/[host]/manager.xml
> D) Start Tomcat
>
> This caused my web application to lose access to the database (as
> if the web applications Context element located in
> /webapps/myapp/META-INF/context.xml was overridden or something).
>
> Does anyone have any suggestions on what's going on? My host is
> called localhost.
You must have done something other than what you described above. If
you really only touched the manager, than other applications shouldn't
have any problems.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJX0YRiAAoJEBzwKT+lPKRYWiUP/RXZ0AEymW8C7+hFZNM97E3J
UMxaHBj1VRYqgLlieZmI80rBAQss3dzZtF9ZyxWvF4+boUeOTdH5Q3rK3sK7yvwZ
9bWy6lnw9f9lP+fVurRhg0DngpHjPKtS2fzOeQRDMsQEPBRtJy7OEZxOrgJ4xi5W
eQ548r1P6Op93VEe/jpgnu8NF2TUiyWP5jDxvySTOdFc1nbrFHZjtjJ3OInsr07s
jk+7cqt15Q7oick4Ql8W53uZP6r0C4gMwGPjozHyt14tHjKHeOqcRnn5n4nIKUV9
yuWALFi5Lis1Ww0Z4ybSHzhKbGuPpA4hRCtKgoOZJlIj19ofyjO2iroApQFlySAK
TS9scZA8sBpKLwj4hlWf+cUj2deiCZWYDNkP+gXl5RbpFqhBREKQVB7JknunJqlD
QqY0DUd1gG/xjvehIZd2oaHhO3lmoZTW/9HCqpm5RyUQk4E3TiK0W4XSwrN8pYAZ
fbfQ2QxYljMGV2bQshkLBll5OJNsPNNRmtB0PNzhT3Mll5b16ivpLwOyzTsGfvg4
i1vQXzS59gZIzdCn7LqhbTbN0Vg09EhRXiIjeFW0gbnavFUonMrBNqMqc4slPu/v
51sUo7D+sw7t4O1P+XO+HAdKw538Bgkq7qVFWKnWwXLTqUTyrlWZBJczsRHKlOh3
4SL5mezp6B9mlpm4TJC4
=qRk9
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
