stackoom
  简体   繁体   中英

In tomcat manager, how can I restrict users to be able to deploy/undeploy just a specific application?

 原文  2017-02-15 10:11:55       java/ tomcat/ deployment/ authorization

Question

could anyone please tell me if it is possible to define a role for tomcat user of the default app manager in a way, that he would be able to deploy only specific application? The situation is that developers can deploy only via console since the server itself is administered by third party. And dealing with it costs money (literally). The security requirement is that they should be able to deploy and undeploy just the application they are working on. The notion of multiple tomcat instances was refused. Is there any third party application which could do that? Any ideas are welcome.

2 answers

solution1
 -1  2017-02-17 15:22:29

Tomcat's built in Manager application does not support this. Assuming you trust your staff, I'd suggest a different approach. Use social controls rather than technical controls.

If anyone does something they shouldn't the access logs will tell you who did it and then you can take appropriate action.

solution2
 -1  2017-07-02 14:23:47

Try this:

First of all, Create a new users xml database file inside [tomcat_home]/conf , lets call it tomcat-users-2.xml .

Add the following entry into the tomcat-users-2.xml file:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <user username="[$yourUsername]" password="[$yourPassword]" roles="tomcat,manager-gui"/>
</tomcat-users>

Notice that you can add more than one user tags in the <tomcat-users>

Then in your [tomcat_home]/conf/server.xml file, find <GlobalNamingResources> tag and add (inside it):

<Resource name="UserDatabase2" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="User database that can be updated and saved"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users-2.xml" />

Place the following code inside the <Host ...></Host> tags of the app you want to restrict the user to:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase2"/>

Finally you must Restart Tomcat for the changes to take effect.

For more information, check out this link

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to stop / undeploy a specific webapp locally in tomcat 8? How to redeploy war file in tomcat without deleting/undeploy the old application? Not able to deploy springboot application in an external tomcat How can i deploy java project in tomcat? mvn:deploy can not invoke tomcat manager How can I deploy war in Tomcat 6 Can't deploy application to Tomcat I'm not able to log in Tomcat Manager App How to deploy a hibernate application on Tomcat? How can i send push notification to specific users just knowing the userID inside Button OnClickListener? Firebase
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM