Secure Tomcat Hosting: Restrict Access to Your Web Application


Web applications are routinely probed and attacked, so being able to restrict who can reach yours is a basic requirement, not an optional extra.
In this article, we show how to safeguard an application running on a Tomcat server on AccuWeb.Cloud with two methods. You can apply either one or both:

  1. Request user authentication
  2. Block specified IP addresses

By configuring authentication, you can define multiple users and assign them different levels of access through roles.

Additionally, if you notice any suspicious activity from specific IP addresses, you can block those IPs to safeguard your application.

Let’s walk through the necessary configuration steps to enhance your application’s security.

Authentication

To set up user authentication for your Tomcat-based web application:

Step 1. Navigate to the environment where your application is deployed and click the Config button for your Tomcat server.

Step 2. Open the /opt/tomcat/conf/ folder and select the tomcat-users.xml file.

Step 3. Add the users with their credentials and roles, then save the changes. The example below uses placeholder passwords: give every account a long, unique password, and never leave test/test on a server that is reachable from the internet. Tomcat stores these passwords in clear text unless the realm is configured with a CredentialHandler, so treat tomcat-users.xml as a secret and restrict who can read it.

For example:


<!-- Placeholder credentials: replace both passwords before deploying -->
<user username="test" password="test" roles="admin"/>
<user username="test1" password="test1" roles="user"/>

Step 4. Open the web.xml file in the same folder and add the security constraints for the new roles. Note that /opt/tomcat/conf/web.xml is the server-wide default, so a constraint placed there applies to every application deployed on this Tomcat instance; to protect a single application only, put the same elements in that application's WEB-INF/web.xml instead.


<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <!-- BASIC sends the password base64-encoded with every request: expose the application over HTTPS only -->
  <auth-method>BASIC</auth-method>
  <realm-name>Test Realm</realm-name>
</login-config>
<!-- Declare every role referenced above; Tomcat logs a warning for roles used in an auth-constraint but not declared -->
<security-role>
  <role-name>admin</role-name>
</security-role>
<security-role>
  <role-name>user</role-name>
</security-role>

Step 5. Save your changes and restart the Tomcat server.

Step 6. Now, users will be prompted to log in when they try to access your application.
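The mistakes that bite after this setup are quiet ones: a role demanded by web.xml that no user actually holds (everyone, including you, is locked out), a placeholder password that survived into production, and BASIC authentication served over plain HTTP. The script below is an added example, not part of the article or of Tomcat: it parses the two files and reports those three conditions. The XML documents embedded in it are constructed samples (the role "auditor" and the user "alice" are invented so that one check fires and one passes); point audit() at the contents of the real files instead.

```python
"""Pre-deployment audit of a Tomcat BASIC-auth setup (tomcat-users.xml + web.xml).

Added example, not part of the original article or of Tomcat. The two XML
documents below are constructed samples; point audit() at the contents of the
real files on the server instead.
"""
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml: one placeholder password left in, one proper account
TOMCAT_USERS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="admin"/>
  <role rolename="user"/>
  <user username="test" password="test" roles="admin"/>
  <user username="alice" password="Zq7!v9Lm#pR2wK" roles="user"/>
</tomcat-users>"""

# Constructed sample web.xml: the article's constraint plus an 'auditor' role that nobody holds
WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>user</role-name>
      <role-name>auditor</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test Realm</realm-name>
  </login-config>
</web-app>"""

# Small, illustrative list of passwords that must never reach a server
WEAK_PASSWORDS = {"test", "test1", "password", "admin", "tomcat", "changeit"}


def load_users(xml_text):
    """Return {username: (password, set_of_roles)} from a tomcat-users.xml document."""
    users = {}
    for u in ET.fromstring(xml_text).iter("user"):
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        users[u.get("username")] = (u.get("password", ""), roles)
    return users


def audit(tomcat_users_xml, web_xml):
    """Return a list of findings about the authentication configuration.

    Checks: roles demanded by web.xml that no user holds (nobody can log in),
    empty or trivially guessable passwords, and BASIC auth without a
    CONFIDENTIAL transport guarantee (BASIC only base64-encodes the password).
    """
    findings = []
    users = load_users(tomcat_users_xml)
    held_roles = set().union(*(roles for _, roles in users.values()))

    web = ET.fromstring(web_xml)
    # "{*}" matches any namespace, so a namespaced web.xml is handled like a bare one
    required = {r.text.strip() for r in web.findall(".//{*}auth-constraint/{*}role-name")}
    for role in sorted(required - held_roles):
        findings.append(f"role '{role}' is required by web.xml but assigned to no user")

    for name, (password, _) in users.items():
        if not password or password.lower() in WEAK_PASSWORDS or password == name:
            findings.append(f"user '{name}' has an empty or weak password")

    methods = {m.text.strip() for m in web.findall(".//{*}auth-method")}
    guarantees = {g.text.strip() for g in web.findall(".//{*}transport-guarantee")}
    if "BASIC" in methods and "CONFIDENTIAL" not in guarantees:
        findings.append("BASIC auth without <transport-guarantee>CONFIDENTIAL</transport-guarantee>: "
                        "make sure the application is reachable over HTTPS only")
    return findings


if __name__ == "__main__":
    for finding in audit(TOMCAT_USERS_XML, WEB_XML):
        print("WARNING:", finding)
```

Run against the samples, it reports the unheld "auditor" role, the test/test account and the missing transport guarantee. One caveat on the last check: if TLS terminates at the platform's load balancer, adding CONFIDENTIAL to web.xml will make Tomcat redirect to HTTPS in a loop unless RemoteIpValve is configured to set the secure flag from X-Forwarded-Proto; in that setup it is simpler to enforce HTTPS at the load balancer and keep the warning as a reminder.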


Deny Access by Client IP Address

To block specific client IP addresses from reaching your web application:

Step 1. Go to the environment where your application is deployed and click the Config button for the Tomcat server.

Step 2. Navigate to the /opt/tomcat/webapps/ROOT/META-INF folder and open the context.xml file.

Step 3. Add the following lines to the context.xml file:


<Context>
  <!-- Behind the platform's proxy or load balancer Tomcat sees the proxy's address; RemoteIpValve replaces it with the client address from X-Forwarded-For, but only when the peer matches its internalProxies setting. Keep it before RemoteAddrValve. -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve" />
  <!-- deny is a regular expression matched against the whole client address: escape the dots and separate several addresses with |, e.g. deny="203\.0\.113\.10|198\.51\.100\.\d{1,3}" -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{IP_address}" />
</Context>

The <Context> element deliberately carries no path or antiJARLocking attribute: Tomcat ignores path in a META-INF/context.xml (the context path is derived from the deployment), and antiJARLocking was removed in Tomcat 8, so it only produces a warning in the logs. The addresses in the comment are from the RFC 5737 documentation ranges and serve as syntax examples.

Step 4. Save the changes and restart your Tomcat server.

Note: If the context.xml file does not exist in /opt/tomcat/webapps/ROOT/META-INF, create it with the content above and restart Tomcat to apply the change.

Step 5. Requests from the listed addresses are now rejected with HTTP 403 Forbidden before they reach the application. Two caveats: RemoteIpValve honours X-Forwarded-For only from peers matching its internalProxies setting (private address ranges by default), so if AccuWeb.Cloud's load balancer or proxy uses another address, set internalProxies or trustedProxies on the valve explicitly; otherwise the deny rule is tested against the proxy's address and never matches. And an IP block is a quick containment step, not an authentication control: attackers can change addresses, and many legitimate users behind shared NAT present the same one.

And that's it! Pretty straightforward, right?
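Whether the deny rule actually fires depends on which address Tomcat tests it against and on the regular-expression syntax of deny. The script below is an added example, not Tomcat's code or the article's: it re-implements, in simplified form, the decision the two valves make (RemoteIpValve's X-Forwarded-For handling with an approximation of its default internalProxies pattern, then RemoteAddrValve's deny/allow logic) and runs a few constructed requests through it. The addresses are from the RFC 5737 documentation ranges and the DENY rule is an assumed example.

```python
"""How RemoteIpValve and RemoteAddrValve decide whether a request is blocked.

Added example: a simplified re-implementation of the two valves' decision logic
for illustration, not Tomcat's code. The requests at the bottom are constructed.
"""
import re

# Approximation of RemoteIpValve's default internalProxies: RFC 1918 ranges, loopback, link-local
DEFAULT_INTERNAL_PROXIES = re.compile(
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|169\.254\.\d{1,3}\.\d{1,3}"
    r"|127\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2[0-9]|3[0-1])\.\d{1,3}\.\d{1,3}"
    r"|0:0:0:0:0:0:0:1|::1"
)

# Assumed deny rule for the demonstration (RFC 5737 documentation addresses):
# one host plus a whole /24, written as a Java regular expression
DENY = r"203\.0\.113\.10|198\.51\.100\.\d{1,3}"


def resolve_client_ip(remote_addr, x_forwarded_for=None, internal_proxies=DEFAULT_INTERNAL_PROXIES):
    """What RemoteIpValve leaves in request.getRemoteAddr().

    The X-Forwarded-For header is trusted only if the TCP peer itself is an
    internal proxy. The header is then read right to left, skipping hops that
    are internal proxies; the first other address is taken as the client.
    """
    if not x_forwarded_for or not internal_proxies.fullmatch(remote_addr):
        return remote_addr  # direct connection: a forged header is ignored
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if not internal_proxies.fullmatch(hop):
            return hop
    return remote_addr  # every listed hop was an internal proxy


def is_allowed(client_ip, deny=None, allow=None):
    """RemoteAddrValve semantics (RequestFilterValve.isAllowed).

    deny and allow are regular expressions matched against the WHOLE address,
    like Java's Matcher.matches(). A deny match wins; with only allow set,
    anything that does not match allow is rejected; with neither set, all is rejected.
    """
    deny, allow = deny or None, allow or None  # Tomcat treats "" as unset
    if deny and re.fullmatch(deny, client_ip):
        return False
    if allow and re.fullmatch(allow, client_ip):
        return True
    return deny is not None and allow is None


def decide(remote_addr, x_forwarded_for, deny=DENY):
    """Run both valves in order; return (address the rule was tested against, allowed?)."""
    client_ip = resolve_client_ip(remote_addr, x_forwarded_for)
    return client_ip, is_allowed(client_ip, deny=deny)


if __name__ == "__main__":
    # Constructed requests: (peer address Tomcat sees, X-Forwarded-For header)
    for peer, xff in [
        ("203.0.113.10", None),                   # blocked host connecting directly
        ("10.0.0.5", "203.0.113.10"),             # same host, via an internal load balancer
        ("10.0.0.5", "198.51.100.77, 10.0.0.9"),  # blocked /24, two internal hops
        ("203.0.113.10", "192.0.2.1"),            # blocked host forging the header: still denied
        ("192.0.2.1", None),                      # unrelated client
    ]:
        client_ip, allowed = decide(peer, xff)
        print(f"peer={peer:<14} xff={str(xff):<26} tested={client_ip:<14} {'allow' if allowed else 'DENY'}")
```

Two things the run makes visible: a forged X-Forwarded-For from a peer that is not an internal proxy is simply ignored, so the blocked host cannot talk its way past the rule, but the same mechanism means that if the real proxy's address is not covered by internalProxies, every request is tested against the proxy's address instead of the client's. And because the match is against the whole address, a deny written as a prefix (deny="198\.51\.100" in the hope of covering a /24) matches nothing and blocks nobody; the range needs the trailing \.\d{1,3} as in DENY. For an application that only a known set of addresses should reach, allow is the safer shape, since everything not listed is then rejected.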

Just a few simple steps can help safeguard your application from unauthorized access. These basic configurations are essential for enhancing the security of your web application.
