Hi, I hv 3 java web-apps running in jetty and i want one of them to be accessed only through localhost. I dont want to write filter. Can it be done by modifying some jetty configuration?
Writing a filter is the portable solution, and is easy to configure and use. It would have only a request.getRequestURL()
to check whether it is localhost
In this thread you can see an option to use apache as front end.
Another option is to simply have to instances of the servlet-container, running on different ports, and use a firewall to block one of the ports.
Absolutely simplest solution is to bind your server socket to localhost only. Setting host
parameter of your connector to localhost
should do the work. Note that this only works for localhost, it will make Jetty to listen only on loopback interface.
Playing with Virtual Hosts
To do this by configuration, you could maybe use virtual hosts. From the documentation:
Suppose also we have another webapp, zzz.war. We want xxx.war to be deployed as above, and zzz.war to be deployed only from 777.888.888.111, www.other.com, www.other.net and www.other.org:
<!-- webapp xxx.war --> <Configure class="org.mortbay.jetty.webapp.WebAppContext"> <Set name="contextPath">/xxx</Set> <Set name="war"><SystemProperty name="jetty.home"/>/webapps/xxx.war</Set> <Set name="virtualHosts"> <Array type="java.lang.String"> <Item>333.444.555.666</Item> <Item>127.0.0.1</Item> <Item>www.blah.com</Item> <Item>www.blah.net</Item> <Item>www.blah.org</Item> </Array> </Set> </Configure> <!-- webapp zzz.war --> <Configure class="org.mortbay.jetty.webapp.WebAppContext"> <Set name="contextPath">/zzz</Set> <Set name="war"><SystemProperty name="jetty.home"/>/webapps/zzz.war</Set> <Set name="virtualHosts"> <Array type="java.lang.String"> <Item>777.888.888.111</Item> <Item>www.other.com</Item> <Item>www.other.net</Item> <Item>www.other.org</Item> </Array> </Set> </Configure>
So we could imagine having one webapp "deployed on" the local 127.0.0.1 IP address and the other deployed on names corresponding to the network IP address.
Playing with Connectors
Another option would be to define two connectors and to bind Jetty on localhost only for one of them. In your jetty.xml
<Configure class="org.mortbay.jetty.Server">
<!-- set up both connectors -->
<Set name="connectors">
<Array type="org.mortbay.jetty.Connector">
<Item>
<New class="org.mortbay.jetty.nio.SelectChannelConnector">
<Set name="host"><SystemProperty name="jetty.host" default="localhost"/></Set>
<Set name="port">8080</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">1</Set>
<Set name="name">connA</Set>
</New>
</Item>
<Item>
<New id="connB" class="org.mortbay.jetty.nio.SelectChannelConnector">
<Set name="host"><SystemProperty name="jetty.host" default="0.0.0.0"/></Set>
<Set name="port">9090</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">1</Set>
<Set name="name">connB</Set>
</New>
</Item>
</Array>
</Set>
</Configure>
And then "assign" your webapp to the chosen connector. For example, in contextA.xml
:
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
<Set name="war"><SystemProperty name="jetty.home"/>/webapps/A</Set>
<Set name="contextPath">/webappA</Set>
<Set name="connectorNames">
<Array type="String">
<Item>connA</Item>
</Array>
</Set>
...
</Configure>
But as you can see, having different connectors implies listening on different ports (unless you have multiple NIC).