How to make Tomcat read allow IPs from a different place than server.xml

Question

I'd like regular users to be able to add allowed IP addresses to Tomcats firewall, without having to manually edit the server.xml file (so I don't have to do it). Is there a way to do that (without regenerating the server.xml file)?

Answer 1

There isn't an ideal way to do this.

The only way to edit this list dynamically is via JMX. You can either write a servlet (suitably protected) to do this or provide full JMX access (equivalent to full admin access) and use JConsole or similar. The downside is that changes cannot be persisted.