Hello,
I'm using axis2 1.5 as a tomcat6 servlet. As it runs in production, I
want to secure the axis2 admin frontend
by restricting the access to a specifig (e.g. local) IP-range.
How can this be implemented? I tried to integrate a filter which sends
a 403-error upon access with wrong
IP-address. This leaded to following exception when restarting tomcat:
-----
Aug 24, 2009 12:47:30 PM org.apache.catalina.core.StandardContext
processTlds
SEVERE: Error reading tld listeners java.lang.NullPointerException
java.lang.NullPointerException
at org.apache.log4j.Category.isEnabledFor(Category.java:749)
at
org
.apache
.commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.java:333)
at
org
.apache.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java:
581)
at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282)
at
org
.apache.catalina.core.StandardContext.processTlds(StandardContext.java:
4307)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:
4144)
at
org
.apache
.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:
740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:
544)
at
org
.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:
626)
at
org
.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:
553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:
488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:
311)
at
org
.apache
.catalina
.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:
1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:
1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:
443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:
700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun
.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
39)
at
sun
.reflect
.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun
.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
39)
at
sun
.reflect
.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:
177)
Aug 24, 2009 12:47:31 PM org.apache.catalina.core.StandardContext
processTlds
----
The filter-config looks like web.xml looks like
----
[....AXIS-CONF....]
<filter>
<description>
</description>
<display-name>
IPFilter</display-name>
<filter-name>IPFilter</filter-name>
<filter-class>de.tamundo.security.IPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>IPFilter</filter-name>
<url-pattern>/IPFilter</url-pattern>
</filter-mapping>
----
I copied the filterclass under /axis2/WEB-INF/de/tamundo/security.
Is there another possibility to secure the Axis2-Admin?
Thanks alot!
Moritz
