The code to implement the shutdown process (at least in 4.0.6) is in
org.apache.catalina.core.StandardServer.

You modify the await() method to implement the security mechanism you need.
Currently, it accepts connections on localhost to port 8005, and waits until
it can read the magic word ("SHUTDOWN", unless changed in server.xml) from a
connection. When the method returns, Tomcat shuts down.

To turn off shutdown altogether, await() should never return (though you
lose the ability to do a clean shutdown this way).

Alternatively, you could rewrite await() to check for the existence of a
certain file in a certain location. File and directory permissions should
then give you control over who can shut the server down.

Or, you can extend the code to accept a username and password, and look
these up in an LDAP directory to determine if the user has the correct
permissions.

Lots of possibilities - but they all require you to customise Tomcat to make
them work.

The fundamental problem is that someone you don't trust can log in to a
server you depend upon to provide a service. The only real way to cure this
is to tighten up security on the server itself.

For this reason, Tomcat's existing security mechanism is probably
sufficient - it requires that you have local access to the server, but
beyond that, accepts that there's not much else it can provide in the way of
real security.

Dan.

> -----Original Message-----
> From: mech [mailto:[EMAIL PROTECTED]]
> Sent: 30 January 2003 22:41
> To: [EMAIL PROTECTED]
> Subject: Possible to switch off tcp/ip server shutdown?
>
>
> I have a question because my Tomcat is running on a Solaris machine. I'm
> not the admin.
> I know it's easily possible to connect to that server PC for lots of
> people.
>
> So I tried to use rlogin myself, telnet localhost 8005, say SHUTDOWN and
> down was the server. Unfortunately anyone else could have done it, too.
> Except changing the "SHUTDOWN" command to something more secret and
> preventing server.xml from reading, I have no idea how to prevent
> shutdown, because I don't think it'll be possible to prevent other users
> from rlogin to this server machine.
>
>
> My questions (maybe not all are equally reasonable, but at least I want
> to get an idea about several options):
>
> 1. Is it possible to disable the listener at port 8005 completely?
> 2. Except the file permissions and changing the SHUTDOWN command, is
> there any other way on Solaris to prohibit telnet localhost 8005 in any
> way for users (a bit Unix specific, I know)?
> 3. If I change the SHUTDOWN command to something else, will I still be
> able to use shutdown.sh?
> I mean what mechanism does the shutdown.sh use? Is it mainly doing
> tcp/ip and sending this command, then I suggest I would have to change
> the shutdown.sh to use the new secret word. If yes, how to do it?
>
> Thanks
> Michael
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
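
The file-based alternative suggested in the reply above, as a stand-alone sketch added here; it is not Tomcat's code and not code from either poster. The class name FileShutdownGate, the trigger file name and the one-second poll interval are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

/** Hypothetical file-triggered replacement for a blocking await(); not Tomcat code. */
public class FileShutdownGate {
    private final Path dir;      // directory only the operator account may write to
    private final Path trigger;  // file whose appearance requests shutdown
    private final String owner;  // account allowed to request shutdown
    public FileShutdownGate(Path dir, String triggerName, String owner) {
        this.dir = dir; this.trigger = dir.resolve(triggerName); this.owner = owner;
    }

    /** True only if dir is a real directory, owned by owner, not group/world writable. */
    boolean directoryIsTrusted() throws IOException {
        if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) return false;
        if (!Files.getOwner(dir, LinkOption.NOFOLLOW_LINKS).getName().equals(owner)) return false;
        Set<PosixFilePermission> p = Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS);
        return !p.contains(PosixFilePermission.GROUP_WRITE)
            && !p.contains(PosixFilePermission.OTHERS_WRITE);
    }

    /** Blocks until the trigger file exists in a trusted directory, then returns. */
    public void await() throws IOException, InterruptedException {
        if (!directoryIsTrusted())
            throw new IOException("refusing to watch untrusted directory " + dir);
        while (true) {
            // Re-check each pass so a later chmod/chown cannot open the gate.
            if (Files.exists(trigger, LinkOption.NOFOLLOW_LINKS) && directoryIsTrusted()) {
                Files.deleteIfExists(trigger);  // consume the request
                return;                         // caller proceeds with a clean shutdown
            }
            Thread.sleep(1000);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: a temp directory stands in for the operator-only location.
        Path dir = Files.createTempDirectory("shutdown-gate");
        Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
        FileShutdownGate gate = new FileShutdownGate(dir, "stop", System.getProperty("user.name"));
        new Thread(() -> {
            try { Thread.sleep(1500); Files.createFile(dir.resolve("stop")); }
            catch (Exception e) { throw new RuntimeException(e); }
        }).start();
        gate.await();
        System.out.println("trigger seen, shutting down");
    }
}
```

The permission check assumes a POSIX file system such as the Solaris host in the question; the directory, not the trigger file, is what has to be protected, since whoever can create a file there can stop the server.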