Re: how do i restrict servlet access? / blocking URLs
Hi Jim, Thanks-- I just looked at using a filter as a solution, but there seems to be a problem. I want the servlet in webapp A to be able to dispatch to B but not a user. The problem is the filter will block all requests including the dispatch from A. I need a way to somehow ensure that A can invoke servlet B in web app B but not a user navigating directly... any ideas are greatly appreciated. Actually one question would be how to create a filter that allows incoming requests from that same machine but not IP's outside of it I guess? Thanks, Jason Jim Henderson wrote: Take a look at yesterdays (6/23 5:02 PM) posting Blocking urls. That should help. -Original Message- From: Jason Novotny [mailto:[EMAIL PROTECTED] Sent: Thursday, June 23, 2005 10:13 PM To: tomcat-user@jakarta.apache.org Subject: how do i restrict servlet access? Hi, I have a webapp A that uses cross-context to dispatch requests to webapp B. However, I want users to have to go thru webapp A and the mapping I set in web.xml. How do I restrict access so only webapp A can invoke B's servlet but B should be inaccessible to users navigation. Is there something I can set in the web.xml of B or would I need to modify server.xml as a site wide configuration? Thanks, Jason - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how do i restrict servlet access? / blocking URLs
You could literally examine the IP of the incoming request (look at ServletRequest object), or you could have A set some sort of flag in request to indicate to the filter to let the request through regardless. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, June 24, 2005 2:32 pm, Jason Novotny said: Hi Jim, Thanks-- I just looked at using a filter as a solution, but there seems to be a problem. I want the servlet in webapp A to be able to dispatch to B but not a user. The problem is the filter will block all requests including the dispatch from A. I need a way to somehow ensure that A can invoke servlet B in web app B but not a user navigating directly... any ideas are greatly appreciated. Actually one question would be how to create a filter that allows incoming requests from that same machine but not IP's outside of it I guess? Thanks, Jason Jim Henderson wrote: Take a look at yesterdays (6/23 5:02 PM) posting Blocking urls. That should help. -Original Message- From: Jason Novotny [mailto:[EMAIL PROTECTED] Sent: Thursday, June 23, 2005 10:13 PM To: tomcat-user@jakarta.apache.org Subject: how do i restrict servlet access? Hi, I have a webapp A that uses cross-context to dispatch requests to webapp B. However, I want users to have to go thru webapp A and the mapping I set in web.xml. How do I restrict access so only webapp A can invoke B's servlet but B should be inaccessible to users navigation. Is there something I can set in the web.xml of B or would I need to modify server.xml as a site wide configuration? Thanks, Jason - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: how do i restrict servlet access? / blocking URLs
Sorry, I am no expert. I felt lucky to get the URL blocking solved. I don't have experience for what your doing. I just thought it might lead to something and could be adapted to your needs. Good luck -Original Message- From: Jason Novotny [mailto:[EMAIL PROTECTED] Sent: Friday, June 24, 2005 1:32 PM To: Tomcat Users List Cc: [EMAIL PROTECTED] Subject: Re: how do i restrict servlet access? / blocking URLs Hi Jim, Thanks-- I just looked at using a filter as a solution, but there seems to be a problem. I want the servlet in webapp A to be able to dispatch to B but not a user. The problem is the filter will block all requests including the dispatch from A. I need a way to somehow ensure that A can invoke servlet B in web app B but not a user navigating directly... any ideas are greatly appreciated. Actually one question would be how to create a filter that allows incoming requests from that same machine but not IP's outside of it I guess? Thanks, Jason Jim Henderson wrote: Take a look at yesterdays (6/23 5:02 PM) posting Blocking urls. That should help. -Original Message- From: Jason Novotny [mailto:[EMAIL PROTECTED] Sent: Thursday, June 23, 2005 10:13 PM To: tomcat-user@jakarta.apache.org Subject: how do i restrict servlet access? Hi, I have a webapp A that uses cross-context to dispatch requests to webapp B. However, I want users to have to go thru webapp A and the mapping I set in web.xml. How do I restrict access so only webapp A can invoke B's servlet but B should be inaccessible to users navigation. Is there something I can set in the web.xml of B or would I need to modify server.xml as a site wide configuration? Thanks, Jason - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how do i restrict servlet access? / blocking URLs
you can use a Remote Host or Address Filter for webapp B that only allows localhost or whatever server webapp A runs on: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html something like this: Context of webapp B Valve className=org.apache.catalina.valves.RemoteAddrValve allow=ip of webapp A / /Context -Lou --- Jason Novotny [EMAIL PROTECTED] wrote: Hi Jim, Thanks-- I just looked at using a filter as a solution, but there seems to be a problem. I want the servlet in webapp A to be able to dispatch to B but not a user. The problem is the filter will block all requests including the dispatch from A. I need a way to somehow ensure that A can invoke servlet B in web app B but not a user navigating directly... any ideas are greatly appreciated. Actually one question would be how to create a filter that allows incoming requests from that same machine but not IP's outside of it I guess? Thanks, Jason Jim Henderson wrote: Take a look at yesterdays (6/23 5:02 PM) posting Blocking urls. That should help. -Original Message- From: Jason Novotny [mailto:[EMAIL PROTECTED] Sent: Thursday, June 23, 2005 10:13 PM To: tomcat-user@jakarta.apache.org Subject: how do i restrict servlet access? Hi, I have a webapp A that uses cross-context to dispatch requests to webapp B. However, I want users to have to go thru webapp A and the mapping I set in web.xml. How do I restrict access so only webapp A can invoke B's servlet but B should be inaccessible to users navigation. Is there something I can set in the web.xml of B or would I need to modify server.xml as a site wide configuration? Thanks, Jason - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]