Thanks, the issue is that my customer does not want to restrict the admin-console in it's war - the rational is anybody can then just redeploy a new admin-console.war and access it (overwrite the restrictions). They want to restrict access to this context from OUTSIDE the actual deployment. Make sense?
On Mon, Mar 3, 2014 at 4:22 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Ravi, > > On 3/3/14, 5:10 PM, Ravi Gupta wrote: > > Tomcat 6.X RHEL > > > > I tried adding the below in order to limit access to > > /admin-console > > > > It worked, but it limits access to EVERY context, which is odd. I > > am sure I am doing something wrong or I misunderstand how this > > works > > > > I want to put restrictions on the /admin-console context, but I do > > not want it inside the admin-console.war > > > > Again, this works, but other contexts are denied as well! > > > > <Context path="/admin-console"> <Valve > > className="org.apache.catalina.valves.RemoteAddrValve" deny="*" /> > > </Context> > > I'm guessing the file you edited was CATALINA_BASE/conf/context.xml? > > That's not the right file to edit. Undo all the changes you made to > conf/context.xml. > > Instead, you want to edit the META-INF/context.xml file in your own > webapp (or CATALINA_BASE/conf/[engine]/[host]/admin-console.xml if you > have manually-deployed your application using an XML descriptor). > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJTFQCoAAoJEBzwKT+lPKRYGXQQAKgWOzPpKvC9YvuSJWdDY5Ud > 325eSaK73rns77SWz2nUFt3je5GTEFmQAuCyBHueeaGgaFsY9GrkE9/YtsuWxB52 > gO22zYywmTtfSY4MNt5z4dolbWfkktcFkLA96FQxa4ZI7ZdvmyL4XRRPJSSKRck3 > qushWLC5IhbTknnbbOFm3OAv/xY60dzorB8ashIDjMO1Rm+6xOWf2x3PeTAeuy8K > h5rKVi1u2KkMnbMtvJABX2WGdYZA+r/LNozotXHDGApvEVFu4+YtRWpZx2kgeVVG > 0pbgLlfmT3cltDGkfOLq7xk11/VJNVR/A276naolfA+lWlqg0ccTVy7T/HrYaVZ8 > dHXh09GFAgxneC+JCdMzDGFaI1LEhMaDv9OhyEYCOjoz60c1lYg2idfFXffSTiFj > QRgfesyer8jYWD0pyEQ939EOXKLnR2ClbwqkHvXZNKDf8NtitBeF45hUmxixuDhb > GBu+tuBVEHWXJpmCkmh/Xd9iwGPU3w2geGnZXPUpDaERdKlKL/zbzLBpxvP9TpOs > 0IMc3ZkZ39jnrMVfDbbloNRKMdbxSSlb/OMyDocZheSLw6QlECALfLZumQZCk759 > z5BDS8zvINbpdUrUxLG7ZYTW+6ZXpR7N9nVF+ab2BnTC58J5aUb623FtSOuk1J2/ > hMPVhRwdGyHLNccn82t4 > =YZJb > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
