java - Tomcat Valve settings

Question

I'm stuck with sort of a configuration issue I think. I need to protect a folder which is within my actual tomcat application from access from a certain IP range.

I thought this was serverfault, so I posted the question there. Right now I'm not sure whether this is SO or SF anyways...

Nevertheless I kept on trying geting it going by myself and figured that I need to set the

org.apache.catalina.valves.RemoteAddrValve

for that folder of mine. Sadly I just can't get where I need to make that setting. web.xml, server.xml ? Tried both, null success. Could anyone pls help me out on this.

tia

K

Answer 1

It should go inside your <Context> element in server.xml:

<Context
    path="/tcadmin"
    docBase="${catalina.home}/server/webapps/admin"
    privileged="true"
>
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="127.0.0.1"
    />
</Context>

Just remember, that the string values are regex patterns, so special regex characters ( e.g. dot(.) ) has to be escaped with backslashes.

EDIT: in reply to OP's comment. I think you need to implement a FILTER in your web app and configure it to accept or reject requests based on their remote address IP. Remote address can be retrieved from ServletRequest object passed into doFilter method.

You declare a filter in your web.xml file:

<filter>
  <filter-name>GatekeeperFilter</filter-name>
  <filter-class>your.package.GatekeeperFilter</filter-class>
  <init-param>
    <param-name>allowedNetwork</param-name>
    <param-value>192.168.2.*</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>GatekeeperFilter</filter-name>
  <url-pattern>/path/to/protected/folder</url-pattern>
</filter-mapping>

Read the linked article about what need to be done to accept init parameters. I think for your decision making you can shamelessly copy the code from the RequestDumperValve.