Restrict incoming connections per Application Tomcat 6.0.37

+3 votes
430 views

I'm developing a permission system in Tomcat and I would like to restrict incoming connections per application. I mean, I want to restrict incoming connections in some applications and permit them in others.

I have tried to do it with the Security Manager (SocketPermission), but it doesn't restrict all incoming connections. And also I have tried with RemoteAddrValve and RemoteHostValve () but it restricts all connections, not only the incoming ones. I have been searching for another way to do that but I couldn't find anything.

Is it possible? Could anybody help me?

posted Dec 14, 2013 by Deepankar Dubey

I'm going to try to explain myself better.

What I'm trying to do is create a permission system in Tomcat. This permission system must allow or avoid the following connections:
- Receive from IP. The application with this permission can only accept connections (or receive information) from an IP. It can't send anything or connect to anywhere.
- Receive All. The application with this permission can accept connections (or receive information) from any IP. It can't send anything or connect to anywhere.
- Send and Receive IP. The application with this permission can accept connections from and connect to an IP.
- Send to IP. The application with this permission can only connect or send information to an IP. It can't receive information or accept connections from anywhere.
- Send to All. The application with this permission can connect or send information to any IP. It can't receive information or accept connections from anywhere.

With the SocketPermission, I can avoid that one application connects to a specific IP or any IP (not granting SocketPermission "connect"). But if I try to avoid that one IP connects to the application (not granting SocketPermission "accept"), it doesn't restrict all connections. For example, I can connect to the application from a browser in another host. (I'm using the Security Manager in a correct way because it works with other permissions).

If I add  to the context.xml, I can restrict the previous example, but with this I restrict all connections, so it doesn't allow me to do what I want.

If I combine the SocketPermission with the RemoteHostValve I can grant the first three permissions (or connections) in my list above. But I need to restrict the incoming connections (accept connections) to grant the last two.

1 Answer

+1 vote

So you want one application to disallow all connections, but others can receive incoming requests? Why not just un-deploy the application you don't want to be accessible?

> I have tried to do it with the Security Manager (SocketPermission), but it doesn't restrict all incoming connections.

Really? You must have done it incorrectly, because disabling SocketPermission should have prevented Tomcat from binding to the port in the first place. No connection would be possible at all. Note that you need to enable a SecurityManager in order to use SocketPermission, and that Tomcat's default security configuration is to allow the appropriate SocketPermissions, so you'd have to seriously damage your Tomcat installation in order to do that. I don't recommend it.

> And also I have tried with RemoteAddrValve and RemoteHostValve () but it restricts all connections, not only the incoming ones.

What other kinds of connections are there, other than incoming ones?

> I have been searching for another way to do that but I couldn't find anything.

You haven't really described what you want to accomplish. "Restrict incoming connections per application" could mean a range of things. Do you want to prohibit certain connections (e.g. non-localhost), throttle connection rates, or require authentication for certain applications?

answer Dec 14, 2013 by anonymous
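
The five permission types listed in the question can be modelled as two independent per-application controls, shown here as an added example that is not part of the original thread or of Tomcat's code. It assumes inbound filtering is a full-match allow regex of the kind a RemoteAddrValve scoped to one application's Context applies, and outbound filtering is a SocketPermission "connect" grant for that application's codeBase; the class name, role table and addresses are constructed for illustration.

```java
import java.net.SocketPermission;
import java.util.regex.Pattern;

// Added illustration, not Tomcat code. Each web application gets two independent controls:
//   inbound  : an allow regex, the kind of check a RemoteAddrValve in that app's Context applies
//   outbound : a SocketPermission "connect" grant, as catalina.policy would give the app's codeBase
public class PerAppNetworkPolicy {
    final String name;
    final Pattern inboundAllow;       // null: no client address is accepted
    final SocketPermission outbound;  // null: the app may not open connections

    PerAppNetworkPolicy(String name, String inboundRegex, String outboundHost) {
        this.name = name;
        this.inboundAllow = inboundRegex == null ? null : Pattern.compile(inboundRegex);
        this.outbound = outboundHost == null ? null
                : new SocketPermission(outboundHost, "connect,resolve");
    }

    // Valve-style decision on the client address of an incoming request (full regex match).
    boolean mayReceiveFrom(String remoteAddr) {
        return inboundAllow != null && inboundAllow.matcher(remoteAddr).matches();
    }

    // SecurityManager-style decision: does the grant imply the connect being attempted?
    boolean mayConnectTo(String hostPort) {
        return outbound != null && outbound.implies(new SocketPermission(hostPort, "connect"));
    }

    public static void main(String[] args) {
        String peerRegex = "192\\.0\\.2\\.10";  // constructed addresses from documentation ranges
        PerAppNetworkPolicy[] roles = {
            new PerAppNetworkPolicy("Receive from IP", peerRegex, null),
            new PerAppNetworkPolicy("Receive All", ".*", null),
            new PerAppNetworkPolicy("Send and Receive IP", peerRegex, "192.0.2.10"),
            new PerAppNetworkPolicy("Send to IP", null, "192.0.2.10"),
            new PerAppNetworkPolicy("Send to All", null, "*"),
        };
        System.out.printf("%-20s %-9s %-9s %-9s %-9s%n",
                "role", "in:peer", "in:other", "out:peer", "out:other");
        for (PerAppNetworkPolicy r : roles) {
            System.out.printf("%-20s %-9b %-9b %-9b %-9b%n", r.name,
                    r.mayReceiveFrom("192.0.2.10"), r.mayReceiveFrom("198.51.100.7"),
                    r.mayConnectTo("192.0.2.10:5432"), r.mayConnectTo("198.51.100.7:443"));
        }
        // A "connect" grant never implies "accept": the two directions are separate actions.
        SocketPermission connectAny = new SocketPermission("*", "connect,resolve");
        System.out.println("connect grant implies accept? "
                + connectAny.implies(new SocketPermission("192.0.2.10:1024-", "accept")));
    }
}
```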