how does one protect a webapp to be accessed only by localhost

how does one protect a webapp to be accessed only by localhost  using -'security,deployment,java-ee,solr,web-applications'

I am planning to run a java web application and solr in the same java container. I want the web application to be publicly accessible but solr to be accessible only to the other web applications in the same container. Solr should be accessible only as localhost and not from outside. Can we write some rules in the web-xml to achieve this?

asked Oct 11, 2015 by deepak07.s
0 votes

3 Answers

0 votes

This is actually a question for serverfault. Anyway, you can deal with this the same way you deal with any internal server, like a database server: don't give Solr a public IP, or put it behind a firewall.

Other than that, you could set up HTTP auth (Tomcat example) or set the container to only listen on localhost (that is, if your web app runs on the same box) (jetty example), but I recommend putting it behind a properly configured firewall instead.

Also see the SolrSecurity wiki page, but it deals mostly with Solr-level security.

answered Oct 11, 2015 by sameer rathore
0 votes

For Resin you can define security constraint by ip addresses. Below is sample from Resin 2.X I'm using it might be slightly different for Resin 3 or 4


answered Oct 11, 2015 by param.oncemore
0 votes

I found this link on the Solr wiki that details installation procedures and also ways of securing the application.

answered Oct 11, 2015 by nimisha.jagtap