In some environments it may be desirable to restrict admin activities to a particular HTTP endpoint. It is possible to configure multiple endpoints, and nominate one of them for admin access. Admin users are still able to log in via other endpoints, but any Roles they have that imply admin rights are temporarily stripped for that session.
To configure this, edit
[INSTALL_HOME]/tomcat/conf/server.xml, and uncomment the additional
The Connector configuration is heavily customizable. Other than the
address attributes, all others use the same values as the default Connector. It may be desired to change the other attributes to increase security on the admin endpoint only.
For the above configuration to work, a couple of lines need to be added to either
local.properties, located in
[INSTALL_HOME]/conf/. The default custom properties has examples for these, commented out. Uncomment these and adjust the values as appropriate to your environment.
After restarting the server, all HTTP requests are subject to checking against this configuration. Only requests made to the configured endpoint will be considered for admin operations. This includes normal access via the web browser client, but also REST and CLI access.