This was broken in the 3.0.0-alpha release on sourceforge. I believe it is fixed in the latest CVS version, all the security tests have passed since early January.
However, the latest CVS version doesn't compile at the moment, due to modifications in the deployment code :-( You could try using CVS to check out a version from last week. Regards, Adrian >From: "Michele Fabbri" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: [JBoss-user] Re: JBoss-user digest, Vol 1 #1818 - 11 msgs >Date: Tue, 22 Jan 2002 15:45:12 +0100 > >Why "JAAS Based Security in JBoss" on JBoss Documentation Manual >don't work on JBoss 3.0? And also Javaworld example don't work. > >this is the error: > >14:58:56,251 INFO [JBossUserRealm#JAAS Tutorial Servlets] >JBossUserPrincipal: java >14:58:56,251 INFO [JBossUserRealm#JAAS Tutorial Servlets] authenticating: >Name:java Password:echoman >14:58:56,251 INFO [JBossUserRealm#JAAS Tutorial Servlets] >JBossUserPrincipal: java is authenticated >14:58:56,261 INFO [JBossUserRealm#JAAS Tutorial Servlets] >JBossUserPrincipal: java is in Role: Echo >14:58:56,401 ERROR [SecurityInterceptor] Insufficient method permissions, >principal=null, method=create, requiredRoles=[Coder, Echo], >principalRoles=[] >14:58:56,401 ERROR [StatelessSessionContainer] invoke returned an >exceptionjava.rmi.RemoteException: checkSecurityAssociation; nested >exception is: > >the web client works, but the ejb principal is null, why? > >Please help me. > >Bye >Michele > > >----- Original Message ----- >From: <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Monday, January 21, 2002 7:08 PM >Subject: JBoss-user digest, Vol 1 #1818 - 11 msgs > > > > Send JBoss-user mailing list submissions to > > [EMAIL PROTECTED] > > > > To subscribe or unsubscribe via the World Wide Web, visit > > https://lists.sourceforge.net/lists/listinfo/jboss-user > > or, via email, send a message with subject or body 'help' to > > [EMAIL PROTECTED] > > > > You can reach the person managing the list at > > [EMAIL PROTECTED] > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of JBoss-user digest..." > > > > > > Today's Topics: > > > > 1. JBoss 3.0 and CMP 2.0 Question (Rama Rao) > > 2. RE: JBoss naming service don't work on ..... (Coetmeur, Alain) > > 3. RE: Problem making Apache1.3.22 work with >Jboss2.4.4-with-tomcat4.0.1 (Michael Schulz) > > 4. (no subject) ([EMAIL PROTECTED]) > > 5. Jboss security with databaselogin module ([EMAIL PROTECTED]) > > 6. problem using the forum: login with the correct password, but no >change of user (Jan Heise) > > 7. security problem with Jboss+Tomcat (Andrea Cervellati) > > 8. About POseidon (Jaime21) > > 9. RE: Jboss EmbeddedTomcat classloader - 2nd try (Lewis Lin) > > 10. transport guarantees ?? (Gerry Duhig) > > 11. RE: Jboss EmbeddedTomcat classloader - 2nd try (Adrian Brock) > > > > --__--__-- > > > > Message: 1 > > From: "Rama Rao" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Date: Mon, 21 Jan 2002 16:49:17 +0530 > > Subject: [JBoss-user] JBoss 3.0 and CMP 2.0 Question > > > > This is a multi-part message in MIME format. > > > > ------=_NextPart_000_0323_01C1A29B.9091A820 > > Content-Type: text/plain; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > Hi All, > > > > I have a few questions regarding the following example. > > > > I have two tables Employee and Department with the following spec. > > EMPLOYEE: > > ------------------ > > > > EMPID VARCHAR > > ENAME VARCHAR > > DEPTID VARCHAR > > > > DEPARTMENT > > --------------------- > > DEPTID VARCHAR > > DNAME VARCHAR > > > > Here DEPTID in employee is foreign key. They have a Many-One uni = > > directional relationship (Department-Employee). > > > > If set the relationship in ejb-jar.xml and jbosscmp-jdbc.xml and let the >= > > jboss create tables, it is creating > > the column in Employee with some other name other than DEPTID even if = > > say it clearly in the column name of=20 > > foreign key relationship. Why is it so? > > My second question is : Since the relationship is unidirectional, = > > Employee has no cmr field , how do i insert a single employee record in >= > > to the database? > > I cannot do it through ejbCreate(String EmpID,String EmpName,String = > > DeptID) . Essentially my problem is to insert a record in to the = > > Employee table along with the foreign key field (DeptID). > > > > Thanks In Advance > > Rama Rao > > > > ------=_NextPart_000_0323_01C1A29B.9091A820 > > Content-Type: text/html; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > <HTML><HEAD> > > <META content=3D"text/html; charset=3Diso-8859-1" = > > http-equiv=3DContent-Type> > > <META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR> > > <STYLE></STYLE> > > </HEAD> > > <BODY bgColor=3D#ffffff> > > <DIV><FONT face=3DArial size=3D2>Hi All,</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>I have a few questions regarding the = > > following=20 > > example.</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>I have two tables Employee and = > > Department with the=20 > > following spec.</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>EMPLOYEE:</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>------------------</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>EMPID = > > VARCHAR</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>ENAME = > > VARCHAR</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>DEPTID = > > VARCHAR</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>DEPARTMENT</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>---------------------</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>DEPTID VARCHAR</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>DNAME VARCHAR</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>Here DEPTID in employee is foreign key. >= > > They have a=20 > > Many-One uni directional relationship = > > (Department-Employee).</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>If set the relationship in ejb-jar.xml >= > > and=20 > > jbosscmp-jdbc.xml and let the jboss create tables, it is = > > creating</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>the column in Employee with some other >= > > name other=20 > > than DEPTID even if say it clearly in the column name = > > of </FONT></DIV> > > <DIV><FONT face=3DArial size=3D2> foreign key </FONT><FONT = > > face=3DArial=20 > > size=3D2>relationship. Why is it so?</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>My second question is : = > > Since the=20 > > relationship is unidirectional, Employee has no cmr field , how do i = > > insert a=20 > > single employee record in to the database?</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>I cannot do it through ejbCreate(String >= > > > > EmpID,String EmpName,String DeptID) . Essentially my problem is to = > > insert a=20 > > record in to the Employee table along with the foreign key field=20 > > (DeptID).</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>Thanks In Advance</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>Rama Rao</FONT></DIV></BODY></HTML> > > > > ------=_NextPart_000_0323_01C1A29B.9091A820-- > > > > > > > > --__--__-- > > > > Message: 2 > > From: "Coetmeur, Alain" <[EMAIL PROTECTED]> > > To: "'Anthony Servito'" <[EMAIL PROTECTED]>, > > "Jboss-User@Lists. Sourceforge. Net (E-mail)" > > <[EMAIL PROTECTED]> > > Subject: RE: [JBoss-user] JBoss naming service don't work on ..... > > Date: Mon, 21 Jan 2002 14:57:06 +0100 > > > > I've heard it is a bug in some JDK > > > > it might be corrected in latest JDK, maybe with 1.3.1_02 > > > > I'm not sure, but you may look around > > > > > -----Message d'origine----- > > > De: Anthony Servito [mailto:[EMAIL PROTECTED]] > > > Date: jeudi 17 janvier 2002 21:09 > > > =C0: Jboss-User@Lists. Sourceforge. Net (E-mail) > > > Objet: [JBoss-user] JBoss naming service don't work on ..... > > >=20 > > >=20 > > > javax.naming.NamingException is thrown when JBoss is located on a > > > directory that has space on its path. > > >=20 > > > For example I place the JBoss on c:\program > > > files\JBoss-2.4.3_Tomcat-3.2.3 directory. Notice that "program = > > files" > > > has space in between. > > >=20 > > > > > > --__--__-- > > > > Message: 3 > > From: "Michael Schulz" <[EMAIL PROTECTED]> > > To: "=?gb2312?B?oaQ/Pz+h5D8=?=" <[EMAIL PROTECTED]>, > > <[EMAIL PROTECTED]> > > Subject: RE: [JBoss-user] Problem making Apache1.3.22 work with >Jboss2.4.4-with-tomcat4.0.1 > > Date: Mon, 21 Jan 2002 09:14:55 -0600 > > > > >But if the URL is "jboss/servlet/HelloEJB", it doesn't work. The >message >in > > the mod_jk.log is: > > >[Sat Jan 19 15:41:54 2002] [jk_uri_worker_map.c (368)]: Attempting to >map > > URI '/jboss/servlet/HelloEJB' > > >[Sat Jan 19 15:41:54 2002] [jk_uri_worker_map.c (456)]: > > jk_uri_worker_map_t::map_uri_to_worker, done without a match > > > > > >What's the problem? Must I create a .jsp file in the web application to >run > > the servlet/ejb > > >and then let the index.html link to that .jsp file? Or some other ways? > > > > > >Thank you! > > > > > >Best regards > > >Hubert Fu > > > > > > > APPROACH 1: > > > > Add two more mappings to your httpd.conf file: > > > > JkMount /jboss/*.jsp ajp13 > > JkMount /jboss/servlet/* ajp13 > > > > APPROACH 2: > > > > Another option that might work (I haven't tried this): > > change the existing JkMount directives by removing the leading slash... > > > > JkMount /*.jsp ajp13 becomes JkMount *.jsp ajp13 > > JkMount /servlet/* ajp13 becomes JkMount servlet/* ajp13 > > > > This might tell the mod_jk that any request ending in *.jsp is handled >by > > ajp13 > > and that any request containing servlet/* is also handled by ajp13 > > > > But as I said, I'm not 100% sure this approach will work. The first > > approach > > (adding two more JkMount directives) will definitely work. > > > > Regards, > > Michael Schulz > > > > > > > > > > > > --__--__-- > > > > Message: 4 > > From: <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Date: Mon, 21 Jan 2002 16:30:32 +0100 > > Subject: [JBoss-user] (no subject) > > > > Hi, > > > > I'm using JBoss and Tomcat for my web application. > > > > I have two stateful session ejbs: InsegnamentiEJB and MatDidEJB. > > > > The MatDidEJB is restricted to a security domain, but the other is not. > > So I did not specify any method permission in the ejb-jar.xml for the >first bean, but only for the second one: > > > > <assembly-descriptor> > > <security-role> > > <role-name>docente</role-name> > > <assembly-descriptor> > > > > <method-permission> > > <role-name>docente</role-name> > > <method> > > <ejb-name>MatDidEJB</ejb-name> > > <method-name>*</method-name> > > </method> > > </method-permission> > > > > I want to use the database login module for the authentication of users >so >I had to change the standard configurations adding the following jboss.xml: > > > > <jboss> <security-domain>java:/jaas/modulojdbc</security-domain> > > </jboss> > > > > where modulojdbc is the JNDI name of the authorization configuration in >the auth.conf file. > > > > Then I have two JSPs: Insegnamenti.jsp and MatDid.jsp. > > > > When the user connects to the first he/she doesn't need to be >authenticated and can access to the related ejb. > > On the bottom of the page there is a link to the other jsp and if the >user >clicks it he/she must authenticate himself/herself with a login form. > > > > My web.xml contains the following: > > > > <security-constraint> > > > > <web-resource-collection> > > <web-resource-name>area riservata</web-resource-name> > > <url-pattern>/MatDid.jsp</url-pattern> > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > > > <auth-constraint> > > <role-name>docente</role-name> > > </auth-constraint> > > > > </security-constraint> > > > > > > The problem is that when the user connect to the Insegnamenti.jsp and >tries to connect to the InsegnamentiEJB the following exception occurs: > > > > javax.servlet.ServletException: >checkSecurityAssociation; nested exception is: > > java.lang.SecurityException: Authentication >exception, >principal=null; nested exception is: > > java.rmi.RemoteException: checkSecurityAssociation; >nested exception is: > > java.lang.SecurityException: Authentication >exception, >principal=null > > > > It seems that as long as I set the jboss configuration with the >jboss.xml, >any user that try to access the beans must be authenticated! WHY?! > > > > How can I restrict the authentication only to ONE particular ejb? > > > > PLEASE HELP!!!!! > > > > Thanks in advance > > > > bye > > > > > > > > > > --__--__-- > > > > Message: 5 > > From: <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Date: Mon, 21 Jan 2002 16:43:13 +0100 > > Subject: [JBoss-user] Jboss security with databaselogin module > > > > Hi, > > > > I'm using JBoss and Tomcat for my web application. > > > > I have two stateful session ejbs: InsegnamentiEJB and MatDidEJB. > > > > The MatDidEJB is restricted to a security domain, but the other is not. > > So I did not specify any method permission in the ejb-jar.xml for the >first > > bean, but only for the second one: > > > > <assembly-descriptor> > > <security-role> > > <role-name>docente</role-name> > > <assembly-descriptor> > > > > <method-permission> > > <role-name>docente</role-name> > > <method> > > <ejb-name>MatDidEJB</ejb-name> > > <method-name>*</method-name> > > </method> > > </method-permission> > > > > I want to use the database login module for the authentication of users >so I had > > to change the standard configurations adding the following jboss.xml: > > > > <jboss> <security-domain>java:/jaas/modulojdbc</security-domain> > > </jboss> > > > > where modulojdbc is the JNDI name of the authorization configuration in >the > > auth.conf file. > > > > Then I have two JSPs: Insegnamenti.jsp and MatDid.jsp. > > > > When the user connects to the first he/she doesn't need to be >authenticated and > > can access to the related ejb. > > On the bottom of the page there is a link to the other jsp and if the >user > > clicks it he/she must authenticate himself/herself with a login form. > > > > My web.xml contains the following: > > > > <security-constraint> > > > > <web-resource-collection> > > <web-resource-name>area riservata</web-resource-name> > > <url-pattern>/MatDid.jsp</url-pattern> > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > > > <auth-constraint> > > <role-name>docente</role-name> > > </auth-constraint> > > > > </security-constraint> > > > > > > The problem is that when the user connect to the Insegnamenti.jsp and >tries to > > connect to the InsegnamentiEJB the following exception occurs: > > > > javax.servlet.ServletException: checkSecurityAssociation; > > nested exception is: > > java.lang.SecurityException: Authentication exception, > > principal=null; nested exception is: > > java.rmi.RemoteException: checkSecurityAssociation; nested > > exception is: > > java.lang.SecurityException: Authentication exception, > > principal=null > > > > It seems that as long as I set the jboss configuration with the >jboss.xml, any > > user that try to access the beans must be authenticated! WHY?! > > > > How can I restrict the authentication only to ONE particular ejb? > > > > PLEASE HELP!!!!! > > > > Thanks in advance > > > > bye > > > > > > > > > > --__--__-- > > > > Message: 6 > > From: "Jan Heise" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Date: Mon, 21 Jan 2002 17:44:08 +0100 > > Subject: [JBoss-user] problem using the forum: login with the correct >password, but no change of user > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > hi, > > > > i experience some weird behaviour trying to use the forums. > > i can not log in. my credentials are always reset to guest. > > the user/passwd is not the problem. if i use a wrong passwd, > > the software asks me to reenter my pwd just like one would > > expect. i even registered myself a second time but have the > > same problem. cookies are enabled. i can see that other users > > can post, so obviously they don't suffer from this particular > > problem. > > > > someone else out there experiencing this weird behaviour? > > > > btw: does someone know the support-email for the forums > > or do we have to mail marc directly? > > > > jan > > > > - -- > > Jan Heise / Tel. +49-163-4803237 / [EMAIL PROTECTED] > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP 7.0.4 > > > > iQA/AwUBPExFVp/YNqVvLvLkEQK5GgCfdxwsP340C66uZnrQlND8TcP7b2oAn25W > > gHsmDgwap043kheoTn8NacN/ > > =cXSh > > -----END PGP SIGNATURE----- > > > > > > > > --__--__-- > > > > Message: 7 > > Date: Mon, 21 Jan 2002 17:55:58 +0100 (MET) > > From: Andrea Cervellati <[EMAIL PROTECTED]> > > Reply-To: Andrea Cervellati <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: [JBoss-user] security problem with Jboss+Tomcat > > > > Hi, > > > > I'm using JBoss and Tomcat for my web application. > > > > I have two stateful session ejbs: InsegnamentiEJB and MatDidEJB. > > > > The MatDidEJB is restricted to a security domain, but the other is not. > > So I did not specify any method permission in the ejb-jar.xml for the >first > > bean, but only for the second one: > > > > <assembly-descriptor> > > <security-role> > > <role-name>docente</role-name> > > <assembly-descriptor> > > > > <method-permission> > > <role-name>docente</role-name> > > <method> > > <ejb-name>MatDidEJB</ejb-name> > > <method-name>*</method-name> > > </method> > > </method-permission> > > > > I want to use the database login module for the authentication of users >so I > > had > > to change the standard configurations adding the following jboss.xml: > > > > <jboss> <security-domain>java:/jaas/modulojdbc</security-domain> > > </jboss> > > > > where modulojdbc is the JNDI name of the authorization configuration in >the > > auth.conf file. > > > > Then I have two JSPs: Insegnamenti.jsp and MatDid.jsp. > > > > When the user connects to the first he/she doesn't need to be >authenticated and > > can access to the related ejb. > > On the bottom of the page there is a link to the other jsp and if the >user > > clicks it he/she must authenticate himself/herself with a login form. > > > > My web.xml contains the following: > > > > <security-constraint> > > > > <web-resource-collection> > > <web-resource-name>area riservata</web-resource-name> > > <url-pattern>/MatDid.jsp</url-pattern> > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > > > <auth-constraint> > > <role-name>docente</role-name> > > </auth-constraint> > > > > </security-constraint> > > > > > > The problem is that when the user connect to the Insegnamenti.jsp and >tries to > > connect to the InsegnamentiEJB the following exception occurs: > > > > javax.servlet.ServletException: checkSecurityAssociation; > > nested exception is: > > java.lang.SecurityException: Authentication exception, > > principal=null; nested exception is: > > java.rmi.RemoteException: checkSecurityAssociation; nested > > exception is: > > java.lang.SecurityException: Authentication exception, > > principal=null > > > > It seems that as long as I set the jboss configuration with the >jboss.xml, any > > user that try to access the beans must be authenticated! WHY?! > > > > How can I restrict the authentication only to ONE particular ejb? > > > > PLEASE HELP!!!!! > > > > Thanks in advance > > > > bye > > > > > > > > --__--__-- > > > > Message: 8 > > From: "Jaime21" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Date: Mon, 21 Jan 2002 12:03:31 -0500 > > Subject: [JBoss-user] About POseidon > > > > people i'm developing web application over JBoss and Tomcat, I 'm using > > Poseidon for UML diagram but I have problem to generation the EJB, don't > > know how setup the throws and it's very difficult for me to generation >the > > EJB > > Any people have experience with xdoclet for generation EJB, i need to >know > > example > > I hope their help > > Regards > > Jaime > > > > > > --__--__-- > > > > Message: 9 > > From: "Lewis Lin" <[EMAIL PROTECTED]> > > To: "Jboss-User" <[EMAIL PROTECTED]> > > Subject: RE: [JBoss-user] Jboss EmbeddedTomcat classloader - 2nd try > > Date: Mon, 21 Jan 2002 12:14:45 -0500 > > > > Hi, > > I did some more research on this. In Jboss 2.4+Tomcat 3.2.3, the web = > > container can see the classes that loaded by MLET setting in Jboss.conf. >= > > But in Jboss 2.4.4 + Tomcat 4.0.1, the web container can no longer see = > > the classes. Is there anyway to change it back?=20 > > > > Thanks, > > Lewis > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Lewis Lin > > Sent: Friday, January 18, 2002 3:48 PM > > To: Jboss-User > > Subject: [JBoss-user] Jboss EmbeddedTomcat classloader > > > > > > Hi, > > I am using Jboss 2.4.4 + Tomcat 4.0.1 within the same JVM. I noticed = > > that the servlet can not see the classes that loaded in JBOSS/lib. And = > > it was working fine with JBoss 2.4.0 + Tomcat 3.2.3. Could someone help >= > > me out? Do I miss something? > > > > Thanks, > > Lewis > > > > > > _______________________________________________ > > JBoss-user mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/jboss-user > > > > > > > > --__--__-- > > > > Message: 10 > > From: "Gerry Duhig" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Date: Mon, 21 Jan 2002 17:26:12 -0000 > > Subject: [JBoss-user] transport guarantees ?? > > > > This is a multi-part message in MIME format. > > > > ------=_NextPart_000_0A17_01C1A2A0.B8E77C50 > > Content-Type: text/plain; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > Have I got this right? > > > > I have an app and in the deployment descriptor I ask for FORM = > > authentication and set the transport guarantee to CONFIDENTIAL .=20 > > > > If the user attempts access to a secured page or servlet in that app = > > from a simple http connection, tomcat will force the FORM page to be = > > sent using SSL. Is that right? > > > > Now, you cannot do this if you are running tomcat "behind" Apache and = > > Apache is handling the SSL because your link to tomcat is AJP13 on say = > > port 8009 and tomcat doesn't know how to force the switch. Is that = > > right? > > > > Nor can you do this with Tomcat 4 embedded in JBoss 2.4.4 because there >= > > is no support for port redirection in the EmbeddedCatalina service? > > > > I think I have finally worked all this out, but it would be nice to have >= > > it confirmed! > > > > Gerry > > > > > > ------=_NextPart_000_0A17_01C1A2A0.B8E77C50 > > Content-Type: text/html; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > <HTML><HEAD> > > <META content=3D"text/html; charset=3Diso-8859-1" = > > http-equiv=3DContent-Type> > > <META content=3D"MSHTML 5.00.3315.2870" name=3DGENERATOR> > > <STYLE></STYLE> > > </HEAD> > > <BODY bgColor=3D#ffffff> > > <DIV><FONT face=3DArial size=3D2>Have I got this right?</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>I have an app and in the deployment = > > descriptor I=20 > > ask for FORM authentication and set the transport guarantee to = > > CONFIDENTIAL .=20 > > </FONT></DIV> > > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > > <DIV><FONT face=3DArial size=3D2>If the user attempts access to a = > > secured page or=20 > > servlet in that app from a simple http connection, tomcat will force the >= > > FORM=20 > > page to be sent using SSL. Is that right?</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>Now, you cannot do this if you are = > > running tomcat=20 > > "behind" Apache and Apache is handling the SSL because your link to = > > tomcat is=20 > > AJP13 on say port 8009 and tomcat doesn't know how to force the = > > switch. Is=20 > > that right?</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>Nor can you do this with Tomcat 4 = > > embedded in JBoss=20 > > 2.4.4 because there is no support for port redirection in the = > > EmbeddedCatalina=20 > > service?</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>I think I have finally worked all this >= > > out, but it=20 > > would be nice to have it confirmed!</FONT></DIV> > > <DIV> </DIV> > > <DIV><FONT face=3DArial size=3D2>Gerry</FONT></DIV> > > <DIV> </DIV></BODY></HTML> > > > > ------=_NextPart_000_0A17_01C1A2A0.B8E77C50-- > > > > > > > > --__--__-- > > > > Message: 11 > > Reply-To: [EMAIL PROTECTED] > > From: "Adrian Brock" <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Subject: RE: [JBoss-user] Jboss EmbeddedTomcat classloader - 2nd try > > Date: Mon, 21 Jan 2002 18:05:52 +0000 > > > > Have a look in > > jboss/conf/catalina/jboss.conf > > You will see some ClassPathExtension MBeans. > > > > You could try adding one for ../../lib/ > > by copying the one for ../../lib/ext/ > > > > Regards, > > Adrian > > > > > > >From: "Lewis Lin" <[EMAIL PROTECTED]> > > >To: "Jboss-User" <[EMAIL PROTECTED]> > > >Subject: RE: [JBoss-user] Jboss EmbeddedTomcat classloader - 2nd try > > >Date: Mon, 21 Jan 2002 12:14:45 -0500 > > > > > >Hi, > > > I did some more research on this. In Jboss 2.4+Tomcat 3.2.3, the web > > >container can see the classes that loaded by MLET setting in >Jboss.conf. > > >But in Jboss 2.4.4 + Tomcat 4.0.1, the web container can no longer see >the > > >classes. Is there anyway to change it back? > > > > > >Thanks, > > >Lewis > > > > > >-----Original Message----- > > >From: [EMAIL PROTECTED] > > >[mailto:[EMAIL PROTECTED]]On Behalf Of Lewis Lin > > >Sent: Friday, January 18, 2002 3:48 PM > > >To: Jboss-User > > >Subject: [JBoss-user] Jboss EmbeddedTomcat classloader > > > > > > > > >Hi, > > > I am using Jboss 2.4.4 + Tomcat 4.0.1 within the same JVM. I noticed > > >that the servlet can not see the classes that loaded in JBOSS/lib. And >it > > >was working fine with JBoss 2.4.0 + Tomcat 3.2.3. Could someone help me > > >out? Do I miss something? > > > > > >Thanks, > > >Lewis > > > > > > > > >_______________________________________________ > > >JBoss-user mailing list > > >[EMAIL PROTECTED] > > >https://lists.sourceforge.net/lists/listinfo/jboss-user > > > > > > > > >_______________________________________________ > > >JBoss-user mailing list > > >[EMAIL PROTECTED] > > >https://lists.sourceforge.net/lists/listinfo/jboss-user > > > > > > > > > > _________________________________________________________________ > > Send and receive Hotmail on your mobile device: http://mobile.msn.com > > > > > > > > > > --__--__-- > > > > _______________________________________________ > > JBoss-user mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/jboss-user > > > > > > End of JBoss-user Digest > > >_______________________________________________ >JBoss-user mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/jboss-user _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
