Securing Tomcat Manager to localhost access

Needed to secure my tomcat manager to localhost access only.

This is what you need to do.
In your /conf/catalina/localhost, create or edit a file call manager.xml.

Inside put the following.

<Context path="/manager" debug="0" privileged="true">

      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1"/>

      <!-- Link to the user database we will get roles from
      <ResourceLink name="users" global="UserDatabase"
type="org.apache.catalina.UserDatabase"/>
        -->
</Context>

This should only allow localhost to connect to the manager application on tomcat.tom

Tomcat and JRockit

One probelm with Tomcat is that if you deploy and app too many times you will hit a java.lang.OutOfMemoryError: PermGen space sooner or later. This is especially prevalent if you use things like Hibernate, Apache commons logging.

Here’s the way that I setup Tomcat to run with JRockit.

open setclasspath.bat in <Tomcat Home>\bin

Put in the follwing lines after the last comment from the top

set JAVA_HOME=<jrockit home>

Just run tomcat using the startup.bat file and go to the status page at http://<ip>:<port>/manager/status you should see a table “Server Information” with a heading JVM Vendor as Bea Systems,Inc .

I tested this with Tomcat 6.0.18 and JRockit 1.6.05_b13

External Links:

Info I found on running JRockit and Tomcat as a windows service.

Some links on the Perm Gen issue.

Crashing Tomcat

Preventing Java’s java.lang.OutOfMemoryError: PermGen space failure

Memory leak – classloader won’t let go