We use tomcat 9 with spring/hibernate. Obviously its a production code and the tomcat manager is not there. For the tomcat hardening we are trying to turn off the "autoDeploy" via code dynamically. We can do that in server.xml as :
<Host appBase="webapps" autoDeploy="false" name="localhost" unpackWARs="true">
Can that be done? Is there a way to do this programatically?
EDIT: Code attempted:
package test.servlet;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomcat.util.modeler.Registry;
public class TestServlet extends HttpServlet {
ObjectName oname = null;
MBeanServer mBeanServer = null;
public void service(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String name = request.getParameter("app");
PrintWriter writer = response.getWriter();
try {
oname = new ObjectName("Catalina:type=Deployer,host=localhost");
mBeanServer = Registry.getRegistry(null, null).getMBeanServer();
if (!isDeployed(name) && !isServiced(name)) {
writer.println("deploying application -> " + name);
addServiced(name);
try {
// Perform new deployment
check(name);
} finally {
removeServiced(name);
}
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
protected void check(String name) throws Exception {
String[] params = { name };
String[] signature = { "java.lang.String" };
mBeanServer.invoke(oname, "check", params, signature);
}
protected void addServiced(String name) throws Exception {
String[] params = { name };
String[] signature = { "java.lang.String" };
mBeanServer.invoke(oname, "addServiced", params, signature);
}
protected boolean isDeployed(String name) throws Exception {
String[] params = { name };
String[] signature = { "java.lang.String" };
Boolean result = (Boolean) mBeanServer.invoke(oname, "isDeployed", params, signature);
return result.booleanValue();
}
protected boolean isServiced(String name) throws Exception {
String[] params = { name };
String[] signature = { "java.lang.String" };
Boolean result = (Boolean) mBeanServer.invoke(oname, "isServiced", params, signature);
return result.booleanValue();
}
protected void removeServiced(String name) throws Exception {
String[] params = { name };
String[] signature = { "java.lang.String" };
mBeanServer.invoke(oname, "removeServiced", params, signature);
}
}
I guess you would have to disable deployOnStartup and autoDeploy both.
Reference from the Tomcat 9 docs for host :
If you disable deployOnStartup and autoDeploy, then you would need to explicitly configure the manager app via a Context element in server.xml and then use it to deploy additional WAR files/directories.
Note : You can disable auto deploy via setting -
autodeploy="false"
in yourserver.xml
file.Read more at : Apache Tomcat 9 Configuration Reference