It should go inside your <Context>element in server.xml:

它应该在你<Context>的 server.xml 元素中：

<Context
    path="/tcadmin"
    docBase="${catalina.home}/server/webapps/admin"
    privileged="true"
>
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="127\.0\.0\.1"
    />
</Context>

Just remember, that the string values are regex patterns, so special regex characters ( e.g. dot(.) ) has to be escaped with backslashes.

请记住，字符串值是正则表达式模式，因此必须使用反斜杠对特殊的正则表达式字符（例如 dot(.) ）进行转义。

EDIT: in reply to OP's comment. I think you need to implement a FILTERin your web app and configure it to accept or reject requests based on their remote address IP. Remote address can be retrieved from ServletRequestobject passed into doFiltermethod.

编辑：回复 OP 的评论。我认为您需要在您的 Web 应用程序中实现一个FILTER并将其配置为根据其远程地址 IP 接受或拒绝请求。可以从ServletRequest传递给doFilter方法的对象中检索远程地址。

You declare a filter in your web.xml file:

您在 web.xml 文件中声明了一个过滤器：

<filter>
  <filter-name>GatekeeperFilter</filter-name>
  <filter-class>your.package.GatekeeperFilter</filter-class>
  <init-param>
    <param-name>allowedNetwork</param-name>
    <param-value>192\.168\.2\.*</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>GatekeeperFilter</filter-name>
  <url-pattern>/path/to/protected/folder</url-pattern>
</filter-mapping>

Read the linked article about what need to be done to accept init parameters. I think for your decision making you can shamelessly copy the code from the RequestDumperValve.

阅读有关接受初始化参数需要做什么的链接文章。我认为对于您的决定，您可以无耻地从 RequestDumperValve 复制代码。

You need to put it in the <Context>element which definies the webapplication in question.

您需要将它放在<Context>定义相关 Web 应用程序的元素中。

For Tomcat it can be several places, under each the webapp-specific (and webapp-controlled) /META-INF/context.xmlor the server-specific (and server-controlled) /conf/[enginename]/[hostname]/context.xmlor the server-specific global /conf/context.xmlor the host-specific /conf/server.xml. Also see the Tomcat Context documentation.

对于 Tomcat，它可以位于多个位置，在每个特定于 webapp（和 webapp 控制）/META-INF/context.xml或特定于服务器（和服务器控制）/conf/[enginename]/[hostname]/context.xml或特定于服务器的 global/conf/context.xml或特定于主机的/conf/server.xml. 另请参阅Tomcat 上下文文档。

The Tomcat Valve can be applied to the whole Engine, the Host or a specific Context (webapp). You have to use it for you whole app, not specific path or directories.

Tomcat Valve 可以应用于整个 Engine、Host 或特定的 Context (webapp)。您必须将它用于整个应用程序，而不是特定的路径或目录。

You should set it in your META-INF/context.xml or your context fragment in conf/Catalina/[host] directory. For example,

您应该在 META-INF/context.xml 或 conf/Catalina/[host] 目录中的上下文片段中设置它。例如，

<Context path="/myapp" ...>
  ...
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="10.1.2.*"/>
</Context>

Had the same need as you (but for other reasons) last week and created a valve to block requests by path. It's based off of org.apache.catalina.valves.RequestFilterValve.

上周与您有相同的需求（但出于其他原因）并创建了一个阀门来按路径阻止请求。它基于org.apache.catalina.valves.RequestFilterValve.

Usage:

用法：

<Valve className="se.qbranch.tomcat.valve.BlockAccessByPathValve" path="/manager/.*" allow="127\.0\.0\.1"/>

<Valve className="se.qbranch.tomcat.valve.BlockAccessByPathValve" path="/manager/.*" allow="127\.0\.0\.1"/>

The valve can be used in Engine, Host or Context just as any valve and is available on GitHub. http://github.com/xlson/tomcat-valves

Valve 可以像任何 Valve 一样在 Engine、Host 或 Context 中使用，并且可以在 GitHub 上找到。http://github.com/xlson/tomcat-valves

I would suggest using the default tomcat valves or servlet filters in your application if that solves your problem. The reason we needed a custom valve was that some parts of the tomcat management application Psi-Probewould "leak out" even though we used the RemoteAddrValvein the <Context>element of the application.

如果可以解决您的问题，我建议在您的应用程序中使用默认的 tomcat 阀门或 servlet 过滤器。我们需要自定义阀门的原因是，即使我们在应用程序的元素中使用了，tomcat 管理应用程序Psi-Probe 的某些部分也会“泄漏” 。RemoteAddrValve<Context>