Thanks Martin,

I would imagine that the manager application wrapped in a web services
implementation would have no less security than the manager/html
application, and therefore be no more vulnerable than /manager/html would
be.

At any rate, all our tomcats in our server farm are firewalled and the
manager and administration applications for each are not accessible from
outside except through VPN and only our admins have that.

I can, after all, look at the sources for the manager application and write
my own WSDL and Axis-generated web services, but I am a firm believer in not
re-inventing the wheel and suspect someone has already done that.

Ollie



mgainty wrote:
> 
> 
> There are different approaches based on your security needs.
> If you open your TC webapps you will subject yourself to Man-in-the-middle
> attacks, which would be time-consuming to detect and quite costly to your
> business.
> 
> Have you thought of an alternative approach, perhaps some other secure
> front end such as mod_ssl
> http://www.modssl.org/ and then allow access after they have properly
> validated?
> 
> Another approach is to protect all sources via assignment of User/groups
> to Roles, where roles would identify:
> which resources one could add
> which resources one could delete
> which resources one could change
> which resources one could view
> An all-in-one Portal Single-sign-on such as Jetspeed would accomplish that
> objective:
> http://portals.apache.org/jetspeed-2/
> 
> Martin Gainty 
> 
>> Date: Wed, 27 May 2009 09:37:27 -0700
>> From: moli...@corenttech.com
>> To: users@tomcat.apache.org
>> Subject: Has anyone created a WSDL for the Manager Application
>> 
>> 
>> I would like to use Web Services to access the many Tomcat instances I
>> have, instead of having to log in to each Manager individually.
>> 
>> Has anyone created a WSDL wrapper implementation to duplicate the manager
>> or administration applications' operations via web services? Non-WSDL REST
>> web services would be fine too.
>> 
>> Ollie
>> -- 
>> View this message in context:
>> http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23746190.html
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
