-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Yuval,
On 9/7/16 4:03 AM, Yuval Schwartz wrote: > Hello, > > Tomcat: 8.0.22 Java: jdk1.8.0_05 > > I recently restricted access to my Tomcat Manager App by: 1) > Changing the name of the manager app. 2) Block access to the > manager app by IP address. > > I did the following: A) Stopped Tomcat B) Simply renamed the > manager app in $CATALINA_BASE/webapps by executing the linux > command "mv manager somename". C) Adding a file to the path > $CATALINA_BASE/conf/Catalina/[hostname] named "somename.xml" which > contained the following context element to restrict access to the > manager app: > > <Context path="/somename" privileged = "true"> <Valve > className="org.apache.catalina.valves.RemoteAddrValve" > allow="[myIP]"/> </Context> Don't put a "path" in the <Context>. The filename is already manager.xml, so Tomcat knows it should be deployed as /manager Step (B) should have been sufficient. You can modify the META-INF/context.xml that comes with the manager if you want. Or, even better, use a separate CATALINA_BASE and your own custom CATALINA_BASE/conf/Catalina/localhost/manager.xml that points to the manager application in ${catalina.home}/webapps/manager. We do this with our ant-based deployment scripts: copy the stock manager's context.xml file, transform it with an XSLT that sets the docBase and inserts the RemoteAddrValve and Realm we want, and drop that file into CATALINA_BASE/conf/[engine]/[host]/manager.xml > D) Start Tomcat > > This caused my web application to lose access to the database (as > if the web applications Context element located in > /webapps/myapp/META-INF/context.xml was overridden or something). > > Does anyone have any suggestions on what's going on? My host is > called localhost. You must have done something other than what you described above. If you really only touched the manager, than other applications shouldn't have any problems. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJX0YRiAAoJEBzwKT+lPKRYWiUP/RXZ0AEymW8C7+hFZNM97E3J UMxaHBj1VRYqgLlieZmI80rBAQss3dzZtF9ZyxWvF4+boUeOTdH5Q3rK3sK7yvwZ 9bWy6lnw9f9lP+fVurRhg0DngpHjPKtS2fzOeQRDMsQEPBRtJy7OEZxOrgJ4xi5W eQ548r1P6Op93VEe/jpgnu8NF2TUiyWP5jDxvySTOdFc1nbrFHZjtjJ3OInsr07s jk+7cqt15Q7oick4Ql8W53uZP6r0C4gMwGPjozHyt14tHjKHeOqcRnn5n4nIKUV9 yuWALFi5Lis1Ww0Z4ybSHzhKbGuPpA4hRCtKgoOZJlIj19ofyjO2iroApQFlySAK TS9scZA8sBpKLwj4hlWf+cUj2deiCZWYDNkP+gXl5RbpFqhBREKQVB7JknunJqlD QqY0DUd1gG/xjvehIZd2oaHhO3lmoZTW/9HCqpm5RyUQk4E3TiK0W4XSwrN8pYAZ fbfQ2QxYljMGV2bQshkLBll5OJNsPNNRmtB0PNzhT3Mll5b16ivpLwOyzTsGfvg4 i1vQXzS59gZIzdCn7LqhbTbN0Vg09EhRXiIjeFW0gbnavFUonMrBNqMqc4slPu/v 51sUo7D+sw7t4O1P+XO+HAdKw538Bgkq7qVFWKnWwXLTqUTyrlWZBJczsRHKlOh3 4SL5mezp6B9mlpm4TJC4 =qRk9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org