I'm deploying a bunch of .ear files within several JBoss 5.1 instances. Now I need to limit access to one of those applications to various IP addresses, depending on its hosting server. The application's structure is

application.ear-file
|-> embedded .jar-file
|-> embedded .war-file

I know how to do that by editing the WEB-INF/web.xml of the application in question, but I'm dealing with automated deployments which happen on a regular basis, and the limitations differ between the various servers.

So I thought that putting a configuration file containing the allowed IP addresses on each server, and limiting access by having my application read those addresses and lock itself accordingly on JBoss start, would be a feasible way to do that. But I cannot find any documentation on how to programmatically limit access to an application.

Is EJB Security - for example - capable of doing this?

Dennis Winter

1 Answer

1

I think for your scenario RemoteAddrValve is appropriate to use. You can restrict this on a per application basis by adding the IP addresses under .WAR/WEB-INF/context.xml file or you can set it globally by configuring it in deploy/jbossweb.sar/server.xml. The valve supports regular expressions as well.

An example config:

```xml
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="1.1.1.2,1.1.1.3,1.1.4.*" />
```
CoolBeans
  • Thanks CoolBeans. But how can I do this dynamically per application? I cannot edit the contents of the .war-file during build. I'd need to do this for more than 40 servers individually. – Dennis Winter Apr 17 '13 at 05:33
  • Is setting it globally in the jboss server an option for you? Are there other apps deployed on the server that may have issues with setting it globally? – CoolBeans Apr 17 '13 at 05:59
  • If I can apply a context-based filter, a global, configurable setting would definitely be my favourite solution. Thanks to your post I found http://stackoverflow.com/questions/1839618/tomcat-valve-settings, so I will try this! Seems promising! :) – Dennis Winter Apr 17 '13 at 06:11
  • Yes, that's what I was referring to about adding the valve in server.xml under jbossweb.sar. – CoolBeans Apr 17 '13 at 06:15
  • I can't get it to work. I placed a Context tag containing path and docBase on various positions within the server.xml, and JBoss keeps telling me ".JBossXBRuntimeException: Context cannot appear in this position. Expected content of Server is unordered_sequence: Listener* Service* attributes?" – Dennis Winter Apr 17 '13 at 14:52
  • Did you add it as a child element under the host element in the `server.xml` file? – CoolBeans Apr 17 '13 at 15:07
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/28384/discussion-between-sotapanna-and-coolbeans) – Dennis Winter Apr 17 '13 at 15:57
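
An added example, not part of the original answer or of JBoss: because the valve's `allow` entries are regular expressions, this check shows which addresses the example value above actually admits and how escaped patterns narrow it. It assumes the valve splits `allow` on commas and requires each expression to match the whole address; the sample addresses and the `harden` helper are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The valve element from the answer above, copied verbatim.
VALVE_XML = ('<Valve className="org.apache.catalina.valves.RemoteAddrValve" '
             'allow="1.1.1.2,1.1.1.3,1.1.4.*" />')

# Constructed sample addresses: two intended clients, three outsiders.
SAMPLES = ["1.1.1.2", "1.1.4.25", "1.1.45.6", "101.4.1.1", "1.1.5.1"]

def allow_patterns(valve_xml):
    """Split the allow attribute on commas (assumed valve behaviour)."""
    allow = ET.fromstring(valve_xml).get("allow", "")
    return [p.strip() for p in allow.split(",") if p.strip()]

def is_allowed(addr, patterns):
    """True if any pattern matches the whole address (assumed valve behaviour)."""
    return any(re.fullmatch(p, addr) for p in patterns)

def harden(pattern):
    """Hypothetical helper: escape literal dots and turn a trailing
    '.*' octet wildcard into an explicit one-to-three digit octet."""
    if pattern.endswith(".*"):
        return re.escape(pattern[:-2]) + r"\.\d{1,3}"
    return re.escape(pattern)

def audit(valve_xml, samples):
    """Return (address, allowed as written, allowed after hardening)."""
    original = allow_patterns(valve_xml)
    hardened = [harden(p) for p in original]
    return [(a, is_allowed(a, original), is_allowed(a, hardened))
            for a in samples]

if __name__ == "__main__":
    for addr, before, after in audit(VALVE_XML, SAMPLES):
        print(f"{addr:<12} as written: {before!s:<5} hardened: {after}")
```

As written, `1.1.4.*` also admits `1.1.45.6` and `101.4.1.1`, because an unescaped dot matches any character; the escaped patterns admit only the intended addresses.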