Restrict access to web application other than localhost

I have 3 Java web applications running on Jetty and I want one of them to be accessible only via localhost. I don't want to write a filter. Can this be done by changing the Jetty configuration?

+2




3 answers


An absolutely simple solution is to bind your server socket to localhost only. Setting the host parameter of your connector to localhost shouldn't do the job. Note that this only works for localhost; this will force Jetty to only listen on the loopback interface.



+2




Playing with virtual hosts

To do this through configuration, you can use virtual hosts. From the documentation:

Let's also assume we have another webapp, zzz.war. We want xxx.war to be deployed as above and zzz.war is only deployed from 777.888.888.111, www.other.com, www.other.net, and www.other.org:

<!-- webapp xxx.war -->
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
  <Set name="contextPath">/xxx</Set>
  <Set name="war"><SystemProperty name="jetty.home"/>/webapps/xxx.war</Set>
  <Set name="virtualHosts">
    <Array type="java.lang.String">
      <Item>333.444.555.666</Item>
      <Item>127.0.0.1</Item>
      <Item>www.blah.com</Item>
      <Item>www.blah.net</Item>
      <Item>www.blah.org</Item>
    </Array>
  </Set>
</Configure>

<!-- webapp zzz.war -->
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
  <Set name="contextPath">/zzz</Set>
  <Set name="war"><SystemProperty name="jetty.home"/>/webapps/zzz.war</Set>
  <Set name="virtualHosts">
    <Array type="java.lang.String">
      <Item>777.888.888.111</Item>
      <Item>www.other.com</Item>
      <Item>www.other.net</Item>
      <Item>www.other.org</Item>
    </Array>
  </Set>
</Configure>

      

Thus, we could assume that one webapp is "deployed" to the local 127.0.0.1 IP address and the other to the names corresponding to the network IP address.

Playing with connectors

Another option is to define two connectors and bind Jetty on localhost for only one of them. In jetty.xml:



<Configure class="org.mortbay.jetty.Server">

    <!-- set up both connectors -->
    <Set name="connectors">
      <Array type="org.mortbay.jetty.Connector">
        <Item>
          <!-- connA: defaults to loopback only; a jetty.host system property overrides this default -->
          <New class="org.mortbay.jetty.nio.SelectChannelConnector">
            <Set name="host"><SystemProperty name="jetty.host" default="localhost"/></Set>
            <Set name="port">8080</Set>
            <Set name="maxIdleTime">30000</Set>
            <Set name="Acceptors">1</Set>
            <Set name="name">connA</Set>
          </New>
        </Item>
        <Item>
          <New id="connB" class="org.mortbay.jetty.nio.SelectChannelConnector">
            <Set name="host"><SystemProperty name="jetty.host" default="0.0.0.0"/></Set>
            <Set name="port">9090</Set>
            <Set name="maxIdleTime">30000</Set>
            <Set name="Acceptors">1</Set>            
            <Set name="name">connB</Set>
          </New>
        </Item>
      </Array>
    </Set>

</Configure>

      

And then "assign" your webapp to the connector of your choice. For example, in contextA.xml:

<Configure  class="org.mortbay.jetty.webapp.WebAppContext">      
  <Set name="war"><SystemProperty name="jetty.home"/>/webapps/A</Set>
  <Set name="contextPath">/webappA</Set>
  <Set name="connectorNames">
    <Array type="String">
      <Item>connA</Item>
    </Array>
   </Set>
  ...
</Configure>

      

But as you can see, different connectors mean listening on different ports (unless you have multiple network adapters).


+2
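An added example, not part of the original answers: a Python check that reads a jetty.xml shaped like the two-connector configuration above and reports which connectors are loopback-only. The function names and the embedded sample XML are constructed for illustration; it also shows that, because both connectors read the same jetty.host property, setting that property replaces the localhost default on connA as well.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two-connector jetty.xml layout from the answer above.
JETTY_XML = """
<Configure class="org.mortbay.jetty.Server">
  <Set name="connectors"><Array type="org.mortbay.jetty.Connector">
    <Item><New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host"><SystemProperty name="jetty.host" default="localhost"/></Set>
      <Set name="port">8080</Set><Set name="name">connA</Set>
    </New></Item>
    <Item><New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host"><SystemProperty name="jetty.host" default="0.0.0.0"/></Set>
      <Set name="port">9090</Set><Set name="name">connB</Set>
    </New></Item>
  </Array></Set>
</Configure>
"""

def is_loopback(host):
    """True only for 'localhost' or a literal loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as exposed

def audit_connectors(xml_text, sysprops=None):
    """Return {connector name: (host, port, loopback_only)} for a jetty.xml."""
    sysprops = sysprops or {}
    report = {}
    for new in ET.fromstring(xml_text).iter("New"):
        fields = {}
        for s in new.findall("Set"):
            prop = s.find("SystemProperty")
            if prop is not None:  # a -D system property overrides the default
                fields[s.get("name")] = sysprops.get(prop.get("name"), prop.get("default"))
            else:
                fields[s.get("name")] = (s.text or "").strip()
        if not fields.get("port"):
            continue  # not a connector definition
        host = fields.get("host") or "0.0.0.0"  # no host set: all interfaces
        report[fields.get("name", "?")] = (host, int(fields["port"]), is_loopback(host))
    return report

if __name__ == "__main__":
    for props in ({}, {"jetty.host": "0.0.0.0"}):
        print(props, audit_connectors(JETTY_XML, props))
```

Giving each connector its own property name, or hard-coding the loopback host for connA, keeps one command-line override from exposing both ports.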




Writing a filter is a portable solution that is easy to set up and use. It will only have to check request.getRequestURL() to see if it is localhost.

In this thread, you can see the option to use Apache as a front-end.

Another option is to simply have instances of the servlet container running on different ports and use a firewall to block one of the ports.

0

