How do I disable the management URL in JBoss - jboss7.x

I am using subnet-match in the JBoss 7.1.1 Final standalone.xml file for the management HTTP URL.
<interfaces>
  <interface name="management">
    <subnet-match value="10.62.65.0/254"/>
  </interface>
</interfaces>
But I can still access the management URL from other subnets.
Is there anything else I need to configure?
Thank you

To disable the management URL you can just bind it to localhost, which is the default anyhow.
This way the URL won't be accessible from any remote machine.
To completely disable it, you can just remove the whole
<management-interfaces>
...
</management-interfaces>
from standalone.xml

Related

Tomcat8 remove unnecessary app name in the path

I am using Tomcat8. I deployed a war file by name admin.war. This resulted in my URL turning out to be
http://localhost:8080/admin.
Nevertheless, I want the URL to be http://localhost:8080. So I tried adding the following inside /conf/server.xml as mentioned here.
<Context path="" docBase="Advocatoree" debug="0" reloadable="true">
However, this did not work. Is there an alternative?
Try to add a file called ROOT.xml in <catalina_home>/conf/Catalina/localhost/
And enter there the following:
<Context
  docBase="yourAppName"
  path=""
  reloadable="true"
/>
Now your application is the default application on your server and you can access it with the URL http://localhost:8080

Tomcat server.xml redirection: new class files not loaded

I have a domain name (for example myapp.com) that I am using to redirect to a web application (for example "myapp"), which is deployed on my Tomcat server (for example in "myserver.es/myapp"). I added this fragment to the server.xml file of the Tomcat to configure the redirection:
<Host name="myapp.com" appBase="webapps/myapp"
      unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">
  <Context path="/" docBase="."/>
  <Alias>www.myapp.com</Alias>
</Host>
Apparently it is working well: if I write "mydomain.com" in the browser the app is shown correctly.
The problem: when I generate a new WAR file of that app and I upload it to the Tomcat server (after stopping and undeploying the previous version), the changes related to Java code are not shown. I have to restart my Tomcat server to access the last version of the app from "myapp.com".
In contrast, if I access "mydomain.com/myapp", I can see the last version of the app, showing the changes made in the last WAR.
So, I think that the problem is related to the redirection. Is there anything wrong with the previous XML code?
The other "Host" configured in the server.xml is this one:
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
You might be having issues with Parallel Deployment.
You could set undeployOldVersions="true" inside your host to see if that works.
Finally, I've discovered the solution! I needed to set privileged="true" inside the Context tag.

How to define allowed IPs for JBoss management console

I'm French, and it looks like the binding word is used all over the world to link anything.
I'd like to specify which IP address is allowed to access the JBoss management web application, so I started with:
<interfaces>
  <interface name="management">
    <inet-address value="15.16.17.18"/>
  </interface>
  <interface name="public">
    <any-address/>
  </interface>
</interfaces>
Where 15.16.17.18 is my IP address. But first, it would be ok only for one IP, and probably no more for localhost.
Second, it looks like binding here means that it's linked to the IP address of the network card - I suppose servers can have many IP addresses bound.
Is there a way to define allowed IPs with JBoss? Or do I have to use Apache/Nginx to allow IP addresses based on the port?
The inet-address you're looking at is for telling JBoss which IP Address to bind to, not which addresses are allowed to access the component.
To address your problem of only allowing certain hosts to have access to your management console, you will require something like an Apache server fronting your JBoss 7 server with the rules defined accordingly on the Apache server.
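An added example (not from the posts above, nor from the JBoss project) covering both JBoss questions on this page: the criteria inside `<interface name="management">` choose which local address the server binds to, they do not filter clients. The audit below reads the quoted fragments, flags a `subnet-match` value that is not a valid CIDR block, and reports whether the bind address is loopback; the function names are hypothetical and the samples are constructed from the snippets in the questions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed samples: the <interfaces> fragments quoted in the two questions.
SAMPLE_SUBNET = """<interfaces><interface name="management">
  <subnet-match value="10.62.65.0/254"/>
</interface></interfaces>"""
SAMPLE_INET = """<interfaces>
  <interface name="management"><inet-address value="15.16.17.18"/></interface>
  <interface name="public"><any-address/></interface>
</interfaces>"""
WILDCARDS = {"any-address", "any-ipv4-address", "any-ipv6-address"}

def local(tag):
    """Drop the XML namespace so a full standalone.xml parses the same way."""
    return tag.rsplit("}", 1)[-1]

def check_criterion(kind, value):
    """Classify one selection criterion of an <interface> element."""
    if kind in WILDCARDS:
        return ("HIGH", f"{kind}: listens on every local address")
    if kind == "subnet-match":
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return ("ERROR", f"subnet-match {value!r} is not a valid CIDR block")
        return ("INFO", f"binds to a local address inside {net}; no client filter")
    if kind == "inet-address":
        if value.startswith("${"):  # ${property:default} -> audit the default
            value = value.rstrip("}").rsplit(":", 1)[-1]
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return ("WARN", f"inet-address {value!r} is a host name; resolve it")
        if addr.is_loopback:
            return ("OK", f"bound to loopback {addr}; not reachable remotely")
        return ("WARN", f"bound to {addr}; reachable by any client that can route to it")
    return ("INFO", f"{kind}: not evaluated by this check")

def audit(xml_text, name="management"):
    """Return (severity, message) findings for the interface called `name`."""
    return [check_criterion(local(c.tag), c.get("value", ""))
            for i in ET.fromstring(xml_text).iter()
            if local(i.tag) == "interface" and i.get("name") == name
            for c in i]

if __name__ == "__main__":
    for sample in (SAMPLE_SUBNET, SAMPLE_INET):
        print(audit(sample))
```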

authentication via the security-constraint in the web.xml except for localhost

Within the web.xml of a Java EE Servlet Container (Tomcat, Glassfish etc.) I can set a security constraint to restrict the access to a certain resource.
Is it possible to make a distinction between access from localhost and all the others? I want to enable authentication in a glassfish server for all external calls to a webapp but not from localhost. Is that possible?
Put this in your /META-INF/context.xml:
<Context>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127\.0\.0\.1"/>
</Context>

How do I create a web service with HTTPS endpoint in Apache CXF

I have Apache as front-end to my Tomcat server where I have deployed a CXF web service. All access to my web service happens through SSL which is handled by Apache web server. This means that my Tomcat server is totally unaware of SSL. As a result my CXF generated web service has an HTTP endpoint URL. How do I make it HTTPS while giving the opportunity of handling SSL to Apache web server? Any clue to override endpoint URL scheme?
If you do that, you should also set proper address (that with HTTPS) in publishedEndpointURL.
Like here: How to start cxf service on localhost but return external address in wsdl?
This will make imports in generated WSDL point to proper URLs.
In your case you need to enable SSL connector for Tomcat (in case you use mod_proxy in Apache), or you need to enable secured AJP connector (in case you use mod_jk):
<Connector protocol="AJP/1.3" redirectPort="443" scheme="https" secure="true" address="127.0.0.1" port="8009" />
CXF is out of game here.
I had the same problem, and solved it by using a JNDI lookup for a base URL, then constructing a URL for publishedEndpointUrl. In XML config, it looks something like this:
<jee:jndi-lookup id="ProxyURL" jndi-name="myProxyURL" resource-ref="true" cache="true" />
<bean id="EndpointURL" class="java.lang.String">
  <constructor-arg value="#{ProxyURL+'/myServiceAddress'}"/>
</bean>
<jaxws:endpoint
  id="myServiceEndpoint"
  ...[other parameters]...
  publishedEndpointUrl="#EndpointURL">