Hi

Thx for the reply

>> restrict based on roles so in /conf/tomcat-users.xml

By using the AAA Realm, UserId / Passwd would definitely be a usage,

But the intention for doing the same is NOT to expose the "/admin/*" to the
INTERNET and reply with ERROR 404 for the same,

But in case of INTRANET usage, access for "/admin/*" should be provided

Note:-
The admin also has a set of log-in credentials similar to the normal
"non admin" case, so using a realm would double up the process unnecessarily.


Please appreciate this process for more ideas !


With regards
Karthik

-----Original Message-----
From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Tuesday, April 21, 2009 8:10 PM
To: Tomcat Users List
Subject: RE: R: Apache / Tomcat Load Balanced mode


You can restrict based on roles, so in /conf/tomcat-users.xml you can define
username fubar
to role 'newrole'
 <user username="fubar" password="fubar" roles="newrole"/>

then in WebAppName/WEB-INF/web.xml
  <!-- Define a Security Constraint on this Application -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLManager and Manager command</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <!-- NOTE:  This role is not present in the default users file -->
       <role-name>newrole</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- security-role is a sibling of security-constraint under web-app, not a child of it -->
  <security-role>
    <role-name>newrole</role-name>
  </security-role>

Any access to YourWebAppName/admin is enabled only for role='newrole'

Martin

> From: karthik.nanjang...@xius-bcgi.com
> To: users@tomcat.apache.org
> Date: Tue, 21 Apr 2009 18:19:42 +0530
> Subject: RE: R: Apache / Tomcat   Load Balanced mode
>
> Hi
>
> Thx for the same
>
> Web application would be installed on 3 nodes of Tomcat below the single load 
> balancer of Apache http 2.x server
>
> >> "www.acme.com"          being exposed to INTERNET
> >>
> >> "www.acme.com/admin"    being exposed to INTRANET
>
>
>
> We would like to block the "/admin" from the INTERNET access
> If somebody uses "/admin" the response should be blocked
>
> If the same "/admin" is to be used within the INTRANET local access
> We should be able to display the credentials
>
>
> How To achieve the same ?
>
>
> With regards
> karthik
>
>
>
>
>
>
>
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.j...@kippdata.de]
> Sent: Tuesday, April 21, 2009 12:51 PM
> To: Tomcat Users List
> Subject: Re: R: Apache / Tomcat Load Balanced mode
>
> On 21.04.2009 09:06, Leandro Dardini wrote:
> >
> >
> >> -----Original Message----- From: Karthik Nanjangude
> >> [mailto:karthik.nanjang...@xius-bcgi.com] Sent: Tuesday, 21
> >> April 2009 7:34 To: Tomcat Users List Subject: Apache / Tomcat Load
> >> Balanced mode
> >>
> >> Hi
> >>
> >> Would the same work with Apache / Tomcat   Load Balanced mode
> >>
> >> Configuration for single installation of the web application
> >> "acme"
> >>
> >>
> >> "www.acme.com"          being exposed to INTERNET
> >>
> >> "www.acme.com/admin"    being exposed to INTRANET
> >>
> >>
> >> Reason :  The application uses a single DB  to request of orders
> >> (from Subscribers) and  same URL  with *admin*  would process the
> >> orders ( Internal Employees) and  should not be exposed to outside
> >> world.
> >>
> >>
> >> Is there any Configuration within Apache or Tomcat to achieve the
> >> same?
> >>
> >>
> >>
> >> With regards Karthik
> >>
> >>
> >
> > Maybe I don't understand your question, but to me there is no
> > difference in configuring access in Load Balanced or not Load
> > Balanced mode.
> >
> > As regarding the admin section, you can filter it using apache access
> > control.
>
> I agree, load balancing seems to be not related to the question.
>
> One first decision would be, whether you are able to deploy your
> application twice, once as the ROOT context and once as admin. Then
> everything will become obvious.
>
> If you only want to deploy it once, e.g. as admin, then you will need to
> do URL rewriting in the Apache-Layer. When using mod_proxy, you can find
> info about that at
>
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
>
> When using mod_jk, look at
>
> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html
>
> Regards,
>
> Rainer
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

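One way to get the behaviour asked for in this thread at the Apache layer (404 for "/admin" from the Internet, normal access from the intranet), as an added example that is not from any of the posters. The 10.0.0.0/8 intranet range and Apache being the first hop that sees the real client address are assumptions.

```apache
# Added example, not configuration posted in the thread.
# Assumptions: the intranet is 10.0.0.0/8, and no other proxy sits in front
# of this Apache (otherwise REMOTE_ADDR is that proxy's address, not the client's).
<VirtualHost *:80>
    ServerName www.acme.com

    RewriteEngine On

    # Condition: the client address is NOT inside the assumed intranet range.
    # Anything that does not start with "10." (IPv6 clients included) fails closed.
    RewriteCond %{REMOTE_ADDR} !^10\.

    # Action: answer 404 for every path that starts with /admin and stop processing.
    # The prefix match is deliberate, so /admin, /admin/..., and forms carrying
    # a path parameter such as /admin;jsessionid=... are all covered.
    RewriteRule ^/admin - [R=404,L]

    # The existing ProxyPass (mod_proxy) or JkMount (mod_jk) lines that forward
    # to the three Tomcat nodes stay unchanged below this point. Requests that
    # were answered with 404 above never reach them.
</VirtualHost>
```

The rule only protects traffic that passes through Apache, so the connector ports of the three Tomcat nodes should accept connections from the Apache host only.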