Is there a way to configure shutdown command value & shutdown port in spring embedded tomcat?
Here is the details how to harden tomcat server:
Rationale:
Setting the shutdown attribute to a nondeterministic value will prevent malicious local users from shutting down Tomcat.Required Configuration: Perform the following to set a nondeterministic value for the shutdown attribute.
- Update the shutdown attribute in $CATALINA_HOME/conf/server.xml as follows: 2. Note: NONDETERMINISTICVALUE should be replaced with a sequence of random characters.
What I have found so far: By default, spring-boot shutdown port is disabled. And it is managed by spring actuator.
I want to confirm, if my assumption is correct about the shutdown configuration in spring actuator is same as the shutdown property in tomcat server.xml. The reason I'm dealing with this issue is that I'm trying to apply 'tomcat-hardening' on embedded-tomcat.
If not, what could be the other way to modify this shutdown port and value in spring-boot embedded-tomcat?