Reputation: 2037
How can I programmatically and IP based limit access to my .war file?
I'm deploying a bunch of .ear files within several JBoss 5.1 instances. Now I need to limit access to one of those applications to various IP addresses, depending on its hosting server. The application's structure is
application.ear-file
|-> embedded .jar-file
|-> embedded .war-file
I know how to do that by editing the WEB-INF/web.xml of the application in question, but I'm dealing with automated deployments which happen on a regular basis, and the limitations differ between the various servers.
So I thought of putting a configuration file containing the allowed IP addresses on each server and limit the access by having my application read those addresses and locking itself accordingly in on JBoss start would be a feasible way to do that. But I cannot find any documentation on how to progammatically limit access to an application.
Is EJB Security - for example - capable of doing this?
Upvotes: 0
Views: 1111
Answers (1)
Reputation: 20800
I think for your scenario RemoteAddrValve is appropriate to use. You can restrict this on a per application basis by adding the IP addresses under .WAR/WEB-INF/context.xml file or you can set it globally by configuring it in deploy/jbossweb.sar/server.xml. The valve supports regular expressions as well.
An example config:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="1.1.1.2,1.1.1.3,1.1.4.*" />
Upvotes: 1
Related Questions
- Give access to JSP file/folder only for particular IP address
- How to restrict client IP address in Java Web Application
- How to define allowed IPs for JBoss management console
- Is it possible to provide security for war file?
- How can I limit access to a deployed application on JBoss 7 to localhost only?
- Tomcat server IP address restriction methods?
- Limit access to local IPs only on Jboss 7
- Configuring a war file
- Advice on running a .war on a web server
- Preventing access to war file without using .htaccess / apache conf