Spring Boot – 在WAR文件部署到Tomcat时自动生成context.xml文件。

huangapple go评论76阅读模式
英文:

Spring Boot - Autogenerate context.xml while war file is deployed to tomcat

问题

问题描述 - 我想通过Spring Boot代码生成一个context.xml文件,以便每当我部署应用程序到Tomcat时,context.xml都会在META-INF文件夹下自动生成。

详细问题

我创建了一个将托管在VPS上的Tomcat服务器上的Spring Boot项目。

我想限制应用程序不被远程访问,即它只能从本地主机访问。

我通过以下步骤手动实现了这一点

  • 导航到{{tomcat}}/webapps/application文件夹
  • 导航到META-INF
  • 创建了一个包含以下内容的context.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>

这对我来说运行正常。然而,如果我部署一个新的构建,这将被覆盖,我的应用程序将再次暴露。

有人能帮我找到一种在生成和部署到Tomcat时每次自动创建此文件的方法吗?

英文:

Problem Statement - I want to generate a context.xml file through spring boot code so that, whenever I deploy application to tomcat, context.xml should be created by itseld under META-INF folder.

Detailed Question

I have created a spring boot project which will be hosted on tomcat server on a VPS.

I want to restrict the application from remote access. i.e. it should only be accessible from localhost.

I achieved this through below steps manually

  • Navigated to {{tomcat}}/webapps/application folder
  • Navigated to META-INF
  • Created a context.xml file with below content
&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;Context antiResourceLocking=&quot;false&quot; privileged=&quot;true&quot; &gt;
  &lt;Valve className=&quot;org.apache.catalina.valves.RemoteAddrValve&quot;
         allow=&quot;127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1&quot; /&gt;
  &lt;Manager sessionAttributeValueClassNameFilter=&quot;java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap&quot;/&gt;
&lt;/Context&gt;

This is working fine for me. However, if I deploy a new build, this will get overwritten and my application will be exposed again.

Can someone help me with a way to auto-create this file every-time war file is generated and deployed to tomcat.

答案1

得分: 0

我认为你需要的是即使在应用重新部署后,context.xml 保持不变。我认为 deployXml 属性可以帮助实现这一点。

在你的 Server.xml 文件中,添加 deployXml 属性并将其标记为 false。

<Host name="localhost" deployXml="false" appBase="webapps" unpackWARs="true" autoDeploy="true">

第二步,将你的 context.xml 移动到 conf/catalina/localhost 目录下。

根据 Tomcat 文档,链接如下 -
https://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Standard_Implementation

deployXML
> 如果你想禁用解析应用内嵌的上下文 XML 描述符(位于 /META-INF/context.xml),则设置为 false。
> 有安全意识的环境应该将其设置为 false,以防止应用与容器的配置进行交互。然后,管理员将负责提供外部上下文配置文件,并将其放在 xmlBase 属性定义的位置。
> 如果此标志为 false,则描述符位于 /META-INF/context.xml,且在 xmlBase 中没有描述符,则如果描述符包含安全部署所需的配置(如 RemoteAddrValve)则上下文将无法启动,这不应被忽略。
> 该标志的默认值为 true,除非启用了安全管理器,那时默认值为 false。在运行时启用安全管理器时,可以通过向 Web 应用程序授予 org.apache.catalina.security.DeployXmlPermission 来为每个 Web 应用程序启用此功能。
> 默认情况下,Manager 和 Host Manager 应用程序被授予此权限,以便它们在运行时启用安全管理器时继续工作。

英文:

I believe what you need is that the context.xml remains unchanged even after the application redeployment. I think deployXml attribute can help doing that.

In your Server.xml, add deployXml attribute and mark it to false.

&lt;Host name=&quot;localhost&quot; deployXml=&quot;false&quot; appBase=&quot;webapps&quot; unpackWARs=&quot;true&quot; autoDeploy=&quot;true&quot;&gt;

Second step, move your context.xml to conf/catalina/localhost

According to Tomcat Documentation here -
https://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Standard_Implementation

deployXML
> Set to false if you want to disable parsing the context XML descriptor
> embedded inside the application (located at /META-INF/context.xml).
> Security conscious environments should set this to false to prevent
> applications from interacting with the container's configuration. The
> administrator will then be responsible for providing an external
> context configuration file, and putting it in the location defined by
> the xmlBase attribute. If this flag is false, a descriptor is located
> at /META-INF/context.xml and no descriptor is present in xmlBase then
> the context will fail to start in case the descriptor contains
> necessary configuration for secure deployment (such as a
> RemoteAddrValve) which should not be ignored. The flag's value
> defaults to true unless a security manager is enabled when the default
> is false. When running under a security manager this may be enabled on
> a per web application basis by granting the
> org.apache.catalina.security.DeployXmlPermission to the web
> application. The Manager and Host Manager applications are granted
> this permission by default so that they continue to work when running
> under a security manager.

huangapple
  • 本文由 发表于 2020年8月10日 01:25:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/63329316.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定