Re: Securing Axis2-Admin

[Moritz Mädler]

Thanks! I added the following lines to the /axis2/WEB-INF/classes/ 
log4j.properties:
----
de.tamundo.security=WARN, CONSOLE
de 
.tamundo.security.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
de.tamundo.security.appender.CONSOLE.layout.ConversionPattern=[%p] %m%n
----
I still get the same error.


Am 24.08.2009 um 14:30 schrieb Martin Gainty:

#log4j.properties should contain a statement which associates your  
package to Level e.g.
#package=LEVEL, NameOfAppender

#BEGIN CONSOLE APPENDER (stdout)
#first:type of appender (fully qualified class name) note all stdout  
goes to ConsoleAppender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
#    Many appenders require a layout.
log4j.appender.stdout.layout=org.apache.log4j.SimpleLayout

#  additionally, some layouts can take additional information --
#    like the ConversionPattern for the PatternLayout.
# log4j.appender.stdout.layout.ConversionPattern=%d %-5p %-17c{2}  
(%30F:%L) %3x
- %m%n

# BEGIN Rolling APPENDER: (rolling)
#  first:type of appender (fully qualified class name)
log4j.appender.rolling=org.apache.log4j.RollingFileAppender
#  second: Any configuration information needed for that appender.
#    Many appenders require a layout.
log4j.appender.rolling.File=example.log

# max file size of rolling appender will be 100kb
log4j.appender.rolling.MaxFileSize=100KB
#  Keep one backup file
log4j.appender.rolling.MaxBackupIndex=1

#pattern of the logfile
log4j.appender.rolling.layout=org.apache.log4j.PatternLayout
log4j.appender.rolling.layout.ConversionPattern=%p %t %c - %m%n

//default rootCategory for level is debug with output directed to  
stdout or //RollingFileAppender as in
log4j.rootCategory=debug,stdout,rolling

//you want to assign your package=LEVEL,Appender1,Appender2 as  
defined here
de.tamundo.security=warn,stdout,rolling

valid levels are
debug, info, warn, error, fatal and log.

appenders are
console, files, GUI components, remote socket servers, JMS, NT Event  
Loggers, and remote UNIX Syslog daemons

http://logging.apache.org/log4j/1.2/manual.html

HTH
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de  
confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene  
Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede  
unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig.  
Diese Nachricht dient lediglich dem Austausch von Informationen und  
entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten  
Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den  
Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes  
pas le destinataire prévu, nous te demandons avec bonté que pour  
satisfaire informez l'expéditeur. N'importe quelle diffusion non  
autorisée ou la copie de ceci est interdite. Ce message sert à  
l'information seulement et n'aura pas n'importe quel effet  
légalement obligatoire. Étant donné que les email peuvent facilement  
être sujets à la manipulation, nous ne pouvons accepter aucune  
responsabilité pour le contenu fourni.





From: m...@moritz-maedler.de
To: axis-user@ws.apache.org
Subject: Securing Axis2-Admin
Date: Mon, 24 Aug 2009 14:11:58 +0200

Hello,

I'm using axis2 1.5 as a tomcat6 servlet. As it runs in production,  
I want to secure the axis2 admin frontend
by restricting the access to a specifig (e.g. local) IP-range.
How can this be implemented? I tried to integrate a filter which  
sends a 403-error upon access with wrong
IP-address. This leaded to following exception when restarting tomcat:
-----
Aug 24, 2009 12:47:30 PM org.apache.catalina.core.StandardContext  
processTlds
SEVERE: Error reading tld listeners java.lang.NullPointerException
java.lang.NullPointerException
        at org.apache.log4j.Category.isEnabledFor(Category.java:749)
	at  
org 
.apache 
.commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.java:333)
	at  
org 
.apache 
.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java:581)
        at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282)
	at  
org 
.apache 
.catalina.core.StandardContext.processTlds(StandardContext.java:4307)
	at  
org.apache.catalina.core.StandardContext.start(StandardContext.java: 
4144)
	at  
org 
.apache 
.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at  
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java: 
740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java: 
544)
	at  
org 
.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java: 
626)
	at  
org 
.apache 
.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
	at  
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
	at  
org 
.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java: 
311)
	at  
org 
.apache 
.catalina 
.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 
1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 
1014)
	at  
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at  
org.apache.catalina.core.StandardService.start(StandardService.java: 
448)
	at  
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at  
sun 
.reflect 
.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at  
sun 
.reflect 
.DelegatingMethodAccessorImpl 
.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at  
sun 
.reflect 
.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at  
sun 
.reflect 
.DelegatingMethodAccessorImpl 
.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
	at  
org 
.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 
177)
Aug 24, 2009 12:47:31 PM org.apache.catalina.core.StandardContext  
processTlds
----

The filter-config looks like web.xml looks like
----
[....AXIS-CONF....]
<filter>
                <description>
                </description>
                <display-name>
                IPFilter</display-name>
                <filter-name>IPFilter</filter-name>
                <filter-class>de.tamundo.security.IPFilter</filter-class>
        </filter>
<filter-mapping>
                <filter-name>IPFilter</filter-name>
                <url-pattern>/IPFilter</url-pattern>
        </filter-mapping>
----

I copied the filterclass under /axis2/WEB-INF/de/tamundo/security.

Is there another possibility to secure the Axis2-Admin?

Thanks alot!

Moritz



Windows Live: Make it easier for your friends to see what you’re up  
to on Facebook. Find out more.