On 30.09.2016 09:07, Harneet Singh wrote:
Hello All,

I have a java application which is hosted in Tomcat 7.0.62.
As part of business logic the code sometimes connects to remote hosts and
downloads resources.
Is there a way I can specify a whitelist using the Tomcat configuration?

Means I only want my application to be able to fetch data from
www.google.com, but any request going from my web application hosted in
my Tomcat needs to be denied for any of the other hosts.

I know the workaround can be I configure the firewall on the machine to
deny any such requests, but that would be operating system specific and I
would like to achieve this using Tomcat configuration, without changing my
code.

Thanks again for reading this and trying to help :)


Tomcat itself is unaware of any outgoing connections that a webapp may make, so there is no way in Tomcat itself to control this.

But the Java JVM which runs Tomcat (and thus the webapp) is aware of such connections.
So maybe you should look at starting Tomcat under the Java Security Manager, and check which options are available there? That is portable, because it is a JVM option which should work the same way everywhere.

Look in the file "(tomcat-dir)/conf/catalina.policies" for examples, like:

// The permission granted to the scrape taglib
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";

Note that enabling the security manager may have other effects on your applications, so you should test this comprehensively before enabling it just for your one application.
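
The whitelist asked about above, written as policy grants in the style of the commented scrape.jar sample (an added example, not part of the original thread and not from Tomcat's shipped policy file). The webapp name "myapp" and the jar name "fetcher.jar" are assumptions; the file name conf/catalina.policy and the "-security" start option are Tomcat's own.

```text
// Added example for (tomcat-dir)/conf/catalina.policy.
// It takes effect only when Tomcat runs under the security manager:
//   bin/catalina.sh start -security      (catalina.bat start -security on Windows)
//
// "myapp" and "fetcher.jar" are assumed names; substitute the real webapp
// directory and the jar that actually opens the outbound connection.

// Classes compiled into the webapp itself (WEB-INF/classes).
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/classes/-" {
    // Outbound TCP to the single allowed host, HTTP and HTTPS ports only.
    // "connect" implies "resolve", so the DNS lookup for this name is covered.
    permission java.net.SocketPermission "www.google.com:80", "connect";
    permission java.net.SocketPermission "www.google.com:443", "connect";
};

// A library in WEB-INF/lib that performs the download (assumed name).
// The security manager checks every caller on the stack, so the library
// needs the same grant as the webapp classes that call into it.
grant codeBase "jar:file:${catalina.base}/webapps/myapp/WEB-INF/lib/fetcher.jar!/-" {
    permission java.net.SocketPermission "www.google.com:80", "connect";
    permission java.net.SocketPermission "www.google.com:443", "connect";
};

// No wildcard host ("*") and no port range appear above on purpose:
// any host or port not named in a grant stays denied for this webapp,
// including a different host reached through an HTTP redirect.
```

A connection attempt outside these grants fails with java.security.AccessControlException, so those entries in the Tomcat logs show which outbound destinations the application tried to reach during testing.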


