Listener Jar File
Under which directory should I place the jar file containing an HttpSessionListener referenced in my web.xml? I currently have this in a jar under web-inf/lib, but I am getting exceptions saying that this class is not in my path. Justin
RE: Listener Jar File
Ty. -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 11:53 AM To: Tomcat Users List Subject: RE: Listener Jar File Hi, Under which directory should I place the jar file containing an HttpSessionListener referenced in my web.xml? I currently have this in a jar under web-inf/lib, but I am getting exceptions saying that this class is not in my path. WEB-INF/lib is the right place for all servlet spec listeners. Check your spelling or package naming maybe? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
HTTP Referral
Is there a way to extract the HTTP referral header from tagsupport?
RE: HTTP Referral
Whoops, found how to get all of the headers, but thanks. -Original Message- From: Hart, Justin Sent: Friday, January 30, 2004 10:09 AM To: [EMAIL PROTECTED] Subject: HTTP Referral Is there a way to extract the HTTP referral header from tagsupport? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Who is Online
I am attempting to implement a tag that lists online users (users logged in via BASIC auth). How can I tell which users are online? Justin
Connection Pooling
Is there some manner in which a database connection should be returned to the connection pool, or is that automatic? Justin
RE: Problem with spanish accents and the 'ñ' char
This sounds like a font issue, not a JSP issue. You're probably looking at the generated page with a browser that does not have that font loaded. Justin -Original Message- From: Leandro Costa [mailto:[EMAIL PROTECTED] Sent: Monday, December 22, 2003 4:46 PM To: [EMAIL PROTECTED] Subject: Problem with spanish accents and the 'ñ' char I'm running Tomcat 5.0.16 and a JSP that connects to a MySQL DB. The data in the DB is ok, because i fetched that information with a quick php application and it displays correctly the accents and such. But when i access the information with this JSP, it puts question marks instead of those characters. I've seen this problem in some forums out there, but no solution... The same JSP is running on a Tomcat 4.0.1 in another machine (that i haven't configured), and it displays the accents correctly. Does anybody know what to do ? Regards, Leandro Costa - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Importing the Certificate?
Go to verisign, there is a chain certificate somewhere on the site (I do not remember where). Justin -Original Message- From: Anibal Constante Brito [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 5:37 PM To: Tomcat UserList Subject: Importing the Certificate? Hello: A read this in ssl=howto: * Import the Chain Certificate into you keystore http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif keytool -import -alias root -keystore your_keystore_filename \ -trustcacerts -file filename_of_the_chain_certificate http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif * And finally import your new Certificate http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif keytool -import -alias tomcat -keystore your_keystore_filename \ -trustcacerts -file your_certificate_filename http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif http://jakarta.apache.org/tomcat/tomcat-5.0-doc/images/void.gif I recevie a email from verisign with a code (like a certificate that I send to they) and I don't know what is a filename_of_the_chain_certificate and your_certificate_filename, because the email only have one certificate, and just do the first part, I a don't know what to do with other. Please tell me what to test the ssl connector. How can I find the chain_certificate and your_certificate_filename, and what they mean. best regards. Owen.
RE: Installation quesiton
Well... as long as we've established that the question can't be held against rite-aid... am I in trouble for copying the portion necessary to reply to this email? Justin __ Disclaimer: This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify us immediately by e-mail and delete the original message. This e-mail expresses views only of the sender, which are not to be attributed to Rite Aid Corporation and may not be copied or distributed without this statement. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBC from TagSupport
Quick question. I see that one can configure a JDBC datasource in their server.xml file and their web.xml file. What does this get you? Every example that I have read tells me that I need to open a JDBC connection just about the same as I would from any other java application. What is the purpose of setting up a JDBC datasource in these files? Is it only good for userdatabaserealm? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JDBC from TagSupport
Ok, so, how does one access this datasource from tagsupport? Justin -Original Message- From: Philipp Taprogge [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 2:24 PM To: Tomcat Users List Subject: Re: JDBC from TagSupport Hi! Hart, Justin wrote: Quick question. I see that one can configure a JDBC datasource in their server.xml file and their web.xml file. What does this get you? Every example that I have read tells me that I need to open a JDBC connection just about the same as I would from any other java application. What is the purpose of setting up a JDBC datasource in these files? Is it only good for userdatabaserealm? The main advantage is that you can use a connection pool like jakarta-commons-dbcp which saves you a lot of runtime. The second advantage is that you can configure the connection parameters like db URL, username, password and the like on the fly without editing java sources or redeploying your application. Phil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JDBC from TagSupport
Gotcha, so the datasource gets stuck into a naming directory, and then you can grab it
via JNDI and use it that way.
The benefit being that a sysadmin can change the datasource via server.xml rather than
having you rewrite the code.
Right?
Justin
-Original Message-
From: Alan Czajkowski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 2:37 PM
To: Tomcat Users List
Subject: RE: JDBC from TagSupport
i have it setup for sybase and mine looks like this in the server.xml:
-
Context path=/Sybase
docBase=sybase
debug=5
reloadable=true
crossContext=true
Logger className=org.apache.catalina.logger.FileLogger
prefix=localhost_Sybase.log.
suffix=.txt
timestamp=true/
Resource name=jdbc/a_sybase_datasource
auth=Container
type=javax.sql.DataSource/
ResourceParams name=jdbc/a_sybase_datasource
parameter
namefactory/name
valueorg.apache.commons.dbcp.BasicDataSourceFactory/value
/parameter
parameter
namemaxActive/name
value10/value
/parameter
parameter
namemaxIdle/name
value5/value
/parameter
parameter
namemaxWait/name
value1/value
/parameter
parameter
namedriverClassName/name
valuecom.sybase.jdbc2.jdbc.SybDriver/value
/parameter
parameter
nameurl/name
valuejdbc:sybase:Tds:database_hostname:5000/your_dbname?JCONNECT_VERSION=6/value
/parameter
parameter
nameusername/name
valueyour_userid/value
/parameter
parameter
namepassword/name
valueyour_password/value
/parameter
/ResourceParams
/Context
-
of course i also got a .jar file (jConnect 5.5) from sybase that i guess
provides the com.sybase.jdbc2.jdbc.SybDriver
and then in the JSP u have something like this to reference the context
and setup the connection:
-
String s = java:comp/env;
String t = jdbc/a_sybase_datasource;
InitialContext initCtx = null;
try
{
initCtx = new InitialContext();
}
catch(Exception e)
{
out.println(BR /);
out.println(BR /);
out.println(PREfailed: initCtx = new InitialContext(););
out.println(e + : + e.getMessage());
out.println(/PREBR /);
}
Context envCtx = null;
try
{
envCtx = (Context)initCtx.lookup(s);
}
catch(Exception e)
{
out.println(BR /);
out.println(BR /);
out.println(PREfailed: envCtx = (Context)initCtx.lookup( + s +
););
out.println(e + : + e.getMessage());
out.println(/PREBR /);
}
DataSource ds = null;
try
{
ds = (DataSource)envCtx.lookup(t);
}
catch(Exception e)
{
out.println(BR /);
out.println(BR /);
out.println(PREfailed: ds = (DataSource)envCtx.lookup( + t +
););
out.println(e + : + e.getMessage());
out.println(/PREBR /);
}
if(ds == null)
{
out.println(BR /);
out.println(BR /);
out.println(PREwarning: DataSource is null);
out.println(/PREBR /);
}
Connection conn;
Statement stmt;
ResultSet rs;
// open connection object
conn = ds.getConnection();
// open statement object
stmt = conn.createStatement();
-
Thanks,
Alan Czajkowski
-
Database Administrator
BMO Financial Group
Decision Support Services
3300 Bloor Street West
14th Floor, West Tower
Toronto, Ontario, M8X 2X2
Tel: 416.232.8736
-
Hart, Justin [EMAIL PROTECTED]
16/12/2003 02:26 PM
Please respond to Tomcat Users List
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject:RE: JDBC from TagSupport
Ok, so, how does one access this datasource from tagsupport?
Justin
-Original Message-
From: Philipp Taprogge [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 2:24 PM
To: Tomcat Users List
Subject: Re: JDBC from TagSupport
Hi!
Hart, Justin wrote:
Quick question. I see that one can configure a JDBC datasource in their
server.xml file and their web.xml file.
What does this get you? Every example that I have read tells me
that I need to open a JDBC connection just about
the same as I would from any other java application.
What is the purpose of setting up a JDBC datasource in these files? Is
it only good for userdatabaserealm?
The main advantage is that you can use a connection pool like
jakarta-commons-dbcp which saves you a lot of runtime. The second
advantage is that you can configure the connection parameters like db
URL, username, password and the like on the fly without editing java
sources or redeploying your application.
Phil
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED
RE: JDBC from TagSupport
Cool, thanks.
-Original Message-
From: Alan Czajkowski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 2:44 PM
To: Tomcat Users List
Subject: RE: JDBC from TagSupport
affirmative,
but instead of looking at my proprietary example below .. goto the Tomcat
Documentation under JNDI Datasource HOW-TO and there it explained nicely
on how to do everything
Thanks,
Alan Czajkowski
-
Database Administrator
BMO Financial Group
Decision Support Services
3300 Bloor Street West
14th Floor, West Tower
Toronto, Ontario, M8X 2X2
Tel: 416.232.8736
-
Hart, Justin [EMAIL PROTECTED]
16/12/2003 02:38 PM
Please respond to Tomcat Users List
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject:RE: JDBC from TagSupport
Gotcha, so the datasource gets stuck into a naming directory, and then you
can grab it via JNDI and use it that way.
The benefit being that a sysadmin can change the datasource via server.xml
rather than having you rewrite the code.
Right?
Justin
-Original Message-
From: Alan Czajkowski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 2:37 PM
To: Tomcat Users List
Subject: RE: JDBC from TagSupport
i have it setup for sybase and mine looks like this in the server.xml:
-
Context path=/Sybase
docBase=sybase
debug=5
reloadable=true
crossContext=true
Logger className=org.apache.catalina.logger.FileLogger
prefix=localhost_Sybase.log.
suffix=.txt
timestamp=true/
Resource name=jdbc/a_sybase_datasource
auth=Container
type=javax.sql.DataSource/
ResourceParams name=jdbc/a_sybase_datasource
parameter
namefactory/name
valueorg.apache.commons.dbcp.BasicDataSourceFactory/value
/parameter
parameter
namemaxActive/name
value10/value
/parameter
parameter
namemaxIdle/name
value5/value
/parameter
parameter
namemaxWait/name
value1/value
/parameter
parameter
namedriverClassName/name
valuecom.sybase.jdbc2.jdbc.SybDriver/value
/parameter
parameter
nameurl/name
valuejdbc:sybase:Tds:database_hostname:5000/your_dbname?JCONNECT_VERSION=6/value
/parameter
parameter
nameusername/name
valueyour_userid/value
/parameter
parameter
namepassword/name
valueyour_password/value
/parameter
/ResourceParams
/Context
-
of course i also got a .jar file (jConnect 5.5) from sybase that i guess
provides the com.sybase.jdbc2.jdbc.SybDriver
and then in the JSP u have something like this to reference the context
and setup the connection:
-
String s = java:comp/env;
String t = jdbc/a_sybase_datasource;
InitialContext initCtx = null;
try
{
initCtx = new InitialContext();
}
catch(Exception e)
{
out.println(BR /);
out.println(BR /);
out.println(PREfailed: initCtx = new InitialContext(););
out.println(e + : + e.getMessage());
out.println(/PREBR /);
}
Context envCtx = null;
try
{
envCtx = (Context)initCtx.lookup(s);
}
catch(Exception e)
{
out.println(BR /);
out.println(BR /);
out.println(PREfailed: envCtx = (Context)initCtx.lookup( + s +
););
out.println(e + : + e.getMessage());
out.println(/PREBR /);
}
DataSource ds = null;
try
{
ds = (DataSource)envCtx.lookup(t);
}
catch(Exception e)
{
out.println(BR /);
out.println(BR /);
out.println(PREfailed: ds = (DataSource)envCtx.lookup( + t +
););
out.println(e + : + e.getMessage());
out.println(/PREBR /);
}
if(ds == null)
{
out.println(BR /);
out.println(BR /);
out.println(PREwarning: DataSource is null);
out.println(/PREBR /);
}
Connection conn;
Statement stmt;
ResultSet rs;
// open connection object
conn = ds.getConnection();
// open statement object
stmt = conn.createStatement();
-
Thanks,
Alan Czajkowski
-
Database Administrator
BMO Financial Group
Decision Support Services
3300 Bloor Street West
14th Floor, West Tower
Toronto, Ontario, M8X 2X2
Tel: 416.232.8736
-
Hart, Justin [EMAIL PROTECTED]
16/12/2003 02:26 PM
Please respond to Tomcat Users List
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject:RE: JDBC from TagSupport
Ok, so, how does one access this datasource from tagsupport?
Justin
-Original Message-
From: Philipp Taprogge [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 2:24 PM
To: Tomcat Users List
Subject: Re: JDBC from TagSupport
Hi!
Hart, Justin wrote:
Quick question. I see that one can configure a JDBC datasource
Cannot Create Resource Instance
I get Cannot Create Resource Instance when attempting to open the database connection defined by the following entry in server.xml Context path= docBase=docbase Resource name=name auth=Container type=javax.sql.DataSource/ ResourceParams name=name parameter namefactory/namevalueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter parameternamemaxWait/namevalue5000/value/parameter parameternamemaxActive/namevalue4/value/parameter parameternamemaxIdle/namevalue5/value/parameter parameternameusername/namevalueJavaUser/value/parameter parameternamepassword/namevaluejava/value/parameter parameternamedriverClassName/name valuecom.microsoft.jdbc.sqlserver.SQLServerDriver/value/parameter parameternameurl/name valuejdbc:microsoft:sqlserver://localhost:1433;DatabaseName=databasename/value /parameter /ResourceParams /Context And the following in web.xml resource-ref descriptionDB Connection/description res-ref-namename/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref The java that attempts to reference this is Context context = new InitialContext(); DataSource source = (DataSource)context .lookup(java:comp/env/name); Connection con = source .getConnection(); Statement statement = con .createStatement(); Any clue what I'm doing wrong here? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: servlet-mapping like mod_rewrite?
Have a session variable that tracks what language they're using. Justin to offer language-depended websites I want to make a webapp available through /de/* (german) and /en/* (english). Of course, I don't want to use two servlet-repositories for that. My idea is, that no matter if e.g. /en/helloworld or /de/helloworld is requested, a unique helloworld-servlet creates the response and chooses the language by parsing req.getPathInfo() for /de/ resp. /en/. As it isn't only one centralized servlet, I can't use the /* url-pattern. And I don't want to use a servlet-definition and according /en/??? and /de/??? url-pattern for every single servlet. How else can I do this? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [OT] Quality of open source code - not a survey.
I don't think that looking at code will help you to develop a sense of best practices. There are books written on the subject that will help much more than attempting to glean such information from code. Especially since code is the end-product of the practices, not the other way around. Justin -Original Message- From: Antony Paul [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 9:39 AM To: Tomcat Users List Subject: [OT] Quality of open source code - not a survey. Hi, I am not questioning quality of opens source projects. My intention is to learn from looking at the source code of open source projects. I want to know whether it is good to learn from looking at the source code of this kind of projects. I want to develop best coding practices and know how things work and how to implement it. To learn it, the cheap way available to me is looking at code written by some experts. I believe people who wrote Tomcat,JSTL and other have godd knowledge of Java. Is there anything wrong in doing such things ? rgds Antony Paul. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Custom Realm deployment, was More sophisticated JDBCRealm Security
It must be in Tomcat's classpath, not in your WAR file. -Original Message- From: Frank Febbraro [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:10 PM To: Tomcat Users List Subject: Custom Realm deployment, was More sophisticated JDBCRealm Security Thanks Yoav, One more question to you or the group, When deploying a custom Realm implementation, I am defining the Realm inside the Context for my specific application. But on startup I get: java.lang.ClassNotFoundException: .util.CustomJDBCRealm Can I have the Realm class in my WAR file or do I have to put it on the tomcat classpath somewhere? Thanks again, Frank - Original Message - From: Shapira, Yoav [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, December 08, 2003 2:52 PM Subject: RE: More sophisticated JDBCRealm Security Howdy, You can search the archives of this list for many examples. Yoav Shapira Millennium ChemInformatics -Original Message- From: Frank Febbraro [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 12:10 PM To: Tomcat Users List Subject: Re: More sophisticated JDBCRealm Security Well crap! Turns out we are using MySQL 4.0.x which does not have support for views. Can anyone point me in a direction that would help me in implementing my own Realm (either brand new or by extending another) Thank you very much, Frank - Original Message - From: Shapira, Yoav [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, December 08, 2003 11:49 AM Subject: RE: More sophisticated JDBCRealm Security Howdy, Your other option is to extend JDBCRealm into your own custom realm implementation. Yoav Shapira Millennium ChemInformatics -Original Message- From: Frank Febbraro [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 11:41 AM To: Tomcat Users List Subject: Re: More sophisticated JDBCRealm Security What about the fact that the groupId column in User is called id in the Groups table, would it be a case of making another view to accomplish that translation too? Besides craeting views, which is easy, what are the other options here? - Original Message - From: Shapira, Yoav [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, December 08, 2003 10:48 AM Subject: RE: More sophisticated JDBCRealm Security Howdy, The typical solution in many cases involving JDBCRealm is (if you don't want to customize the realm by coding) to create a view for use by the JDBC realm. In your case, you'd create a view on the user table where only active users are shown, and configure the JDBC realm to query this view rather than the user table. Yoav Shapira Millennium ChemInformatics -Original Message- From: Frank Febbraro [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 10:48 AM To: Tomcat Users List Subject: More sophisticated JDBCRealm Security In looking through the docs I am surpised that I dont see a way to do some more sophisticated JDBCRealm security. I may just be looking in the wrong place or misreading something so please let me know if I am. My DB tables are arranged as follows create table user ( id BIGINT NOT NULL AUTO_INCREMENT, email VARCHAR(100) not null unique, groupId BIGINT not null, password VARCHAR(20) not null, active BIT, primary key (id) ); create table groups ( id BIGINT NOT NULL AUTO_INCREMENT, role VARCHAR(255) not null, primary key (id) ); The email address is the user login, password is obvious. I would want something that would only let ACTIVE users log in (active = 1), and User.groupId maps to Groups.id field. Using the standard JDBCRealm I do not see how this is possible. Would I actually have to create my own custom Realm implementation in order to achieve these goals? Thanks for any input/advice, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is
RE: Re: Database pool problem
I agree, sometimes clients ask for illogical things. Hell, sometimes developers ask for illogical things. If the choice is not yours to make, then you're stuck. I will caveat this with Point out if it is actually impossible. -Original Message- From: Doug Parsons [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 8:37 AM To: Tomcat Users List Subject: OT: Re: Database pool problem Everyone has reasons. And some may question our choice. But the goal here is to help each other. Had he ask which database to use, then I would have nothing to say. But each of us have conditions which we must work with that are not under our control. The question of changing databases had already been asked and he repeated that he could not change. So lets just do our best to support each other. I don't use MSAccess for mine, but may need to accomodate the wishes of a client and this information might prove invaluable at that time. Just my humble opinion. Doug P.S. If you wish to flame me you are welcome to do so, just send it to me directly. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Argument Type Mismatch
I was reading through the code, the session has a note on it with the password. I actually already wrote a custom realm implementation... I wanted to join the sessions all by using the session ID, which the realm doesn't have, which is why I figured at the creation of the session would be the best place. Honesly, I've already replaced a bunch of classes with my own, trying to do so without changing any Tomcat source, (by referencing them in through configuration). Since it's for a commercial project, and I don't think that we'll be wanting to give away the source (Does the Apache license require that?). I was considering extending GenericPrincipal in just such a manner in order to achieve that effect... 1 problem, is that safe security wise? Principal seems to get passed around a lot. Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 8:38 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch ahha - the session won't have the password. But the Realm will. (or might not depending on implementation). Actually - the Principal could have the password if it extends GenericPrincipal. If not, you could extend the Realm to ensure it does. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/realm/GenericPrincipal.html -Tim Hart, Justin wrote: I need access to the user's password, which all of the Servlet specific ones seem to guard the programmer from getting access to. Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 8:10 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch Ahh, I see. Why implement SessionListener which is tomcat specific when you can implement the Servlet specific ones in web.xml? Look at the code for SingleSignOn or any code that utilizes it as to how a SessionListener gets registered. I am guessing that you'll actuall need to implement a no-op Vavle that registers the Listener on initialization of the Vavle. But thats just a no code look swag. -Tim Hart, Justin wrote: I thought that there was something related to that, is it that it must implement LifeCycleListener SessionListener, or is SessionListener just not happening? How is it possible, if at all, to add my own SessionListener? Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 7:29 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch In server.xml, Listeners are LifeCycleListeners http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/LifecycleListener.html -Tim Hart, Justin wrote: Listener className=class inheriting from SessionListener/ I get an argument type mismatch error parsing my server.xml... Is there something wrong with this line? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SessionListener
Basic authentication. I figured it wouldn't be hard with Form authentication, but I'm
using basic in order to match the look and feel of the rest of the site.
Yeah, saw the same problem with Basu's implementation, though I did like the idea.
Justin
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:00 AM
To: Tomcat Users List
Subject: RE: SessionListener
Howdy,
Senor Basu, your solution is seriously not thread-safe. But that's for
you to worry about it, maybe it's good enough for your needs ;)
As for Senor Hart's questions:
- HttpSessionListener goes in web.xml, as do all other Servlet
Specification listeners.
- SessionListener goes in server.xml, as do all other Tomcat-specific
listeners.
SessionListener is not tied to HttpSessionListener or HttpSession
directly. You have to do a series of casts. The event object in the
SessionListener's SessionEvent is a catalina-specific Session
implementation. It will also implement the HttpSession interface. So
you can get from one to another by casting, but it's ugly (as is the
whole SessionListener solution).
Let's step back a minute: you have this whole hassle because you want
the user's password. You want the user's password in order to
authenticate the user. But with the getUserPrincipal approach, the user
is already authenticated if the Principal is not null. Alternatively,
if you have some input screen where the user enters the username and
password, grab them there instead of from the session. I think what's
missing here is the big picture: tell us what you're trying to do, what
authentication mechanism you're using, and let's forget about the
tomcat-specific hacks for a minute ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Atreya Basu [mailto:[EMAIL PROTECTED]
Sent: Monday, December 01, 2003 4:37 PM
To: Tomcat Users List
Subject: Re: SessionListener
Hi,
Here is how I use the HttpSessionListener.
First I create a Class that implements HttpSessionListener:
package com.gri.web;
import javax.servlet.http.*;
public MySessionListener implements HttpSessionListener
{
private static int num_sessions = 0;
private HttpSession session = null;
public void sessionCreated(HttpSessionEvent se)
{
num_sessions++;
session = se.getSession();
}
public void sessionDestroyed(HttpSessionEvent se)
{ num_session--;}
public static int getNumSessions() {return num_sessions; }
public static HttpSession getLastSession() { return session;}
}
Now include this in the web.xml for your context (directly after
filterfilter-mapping but before Servlet element):
|listener|
||| listener-classcom.gri.web.MySessionListener/listener-class
/listener||
now all you have to do is create a JSP:
jsp:root xmlns:jsp=http://java.sun.com/JSP/Page;
jsp:directive.page import=com.gri.web.* /
jsp:text
html
body
|Last user in session:
/jsp:text
jsp:expression
MySessionListener.getLastSession().getAttribute(j_username)
/jsp:expression
|jsp:text
|Username of current person
/jsp:text
jsp:expression
session.getAttribute(j_username)
/jsp:expression
|/jsp:root
|/body
/html
/jsp:root
Hart, Justin wrote:
Ok, still, I haven't found any documentation on how to add a
SessionListener in the server.xml file, and adding one using the
listener
tags defined for web.xml files doesn't seem to work.
I also haven't seen how to get a user's credentials from a
HttpSession, or
how to get a Session from an HttpSessionListener. Could you throw me a
bone?
Justin
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Monday, December 01, 2003 2:52 PM
To: Tomcat Users List
Subject: RE: SessionListener
Howdy,
A SessionListener of the org.apache.catalina variety would go in the
same place as all tomcat-specific features:
$CATALINA_HOME/conf/server.xml. That means the class specified there
must be accessible to the server classloaders, i.e. must reside in
common/lib or higher on the classloader hierarchy.
The above is true for Valves, Realms, Listeners, etc, that are
proprietary to tomcat.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Monday, December 01, 2003 11:53 AM
To: Tomcat Users List
Subject: RE: SessionListener
Ok, so, the listener in there must implement HttpSessionListener,
where
can
I use SessionListeners?
Justin
-Original Message-
From: Hart, Justin
Sent: Monday, December 01, 2003 11:34 AM
To: Tomcat Users List (E-mail)
Subject: SessionListener
My SessionListener doesn't seem to be firing, any help?
I have a SessionListener that I want to go off when a user
authenticates to
my web app (this is a correct usage, right?)
So, in the web.xml of my app, I would put the lines:
web-app
listener
listener-class
the class
/listener-class
/listener
/web-app
This should fire off when
RE: SessionListener
How will the container get my user logged into the database? My plan was to use the
username password to authenticate to my database so the user only operates with
their perms in the database. My original approach was through realm, but this left
the problem of figuring out which user was tied to which session.
D'oh!
Nevermind, damnit... I spent a week doing this, and I figured it out.
I wanted to use session ID, which I don't have in the realm, instead, I use their
principal! The principal isn't unique to the session... but it doesn't need to be, in
fact, it's BETTER if it isn't, because then if the same user logs in multiple times,
it will share a database connection, meaning I open fewer database connections (of
which there are a limitted pool).
Ok, so my realm implementation will authenticate to the database, the JSP will use the
userprincipal to pair the authenticated user to their connection... better yet, the
hash, so it's a bit more optimal.
*SLAPS FOREHEAD!*
Justin
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:13 AM
To: Tomcat Users List
Subject: RE: SessionListener
Howdy,
Basic authentication. I figured it wouldn't be hard with Form
authentication, but I'm using basic in order to match the look and feel
of
the rest of the site.
OK, so you have basic authentication. Do you have a security-constraint
defined in web.xml? A login-config? You can let tomcat do the
authentication for you, and then use the HttpServletRequest methods
(getRemoteUser, getUserPrincipal, isUserInRole). This is a standard,
easy, portable way, and you don't have to write any custom tomcat code.
Your webapp will not have access to the user's password, but you won't
need it either since the container will authenticate it for you.
Does that fill your needs?
Yoav Shapira
Yeah, saw the same problem with Basu's implementation, though I did
like
the idea.
Justin
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:00 AM
To: Tomcat Users List
Subject: RE: SessionListener
Howdy,
Senor Basu, your solution is seriously not thread-safe. But that's for
you to worry about it, maybe it's good enough for your needs ;)
As for Senor Hart's questions:
- HttpSessionListener goes in web.xml, as do all other Servlet
Specification listeners.
- SessionListener goes in server.xml, as do all other Tomcat-specific
listeners.
SessionListener is not tied to HttpSessionListener or HttpSession
directly. You have to do a series of casts. The event object in the
SessionListener's SessionEvent is a catalina-specific Session
implementation. It will also implement the HttpSession interface. So
you can get from one to another by casting, but it's ugly (as is the
whole SessionListener solution).
Let's step back a minute: you have this whole hassle because you want
the user's password. You want the user's password in order to
authenticate the user. But with the getUserPrincipal approach, the
user
is already authenticated if the Principal is not null. Alternatively,
if you have some input screen where the user enters the username and
password, grab them there instead of from the session. I think what's
missing here is the big picture: tell us what you're trying to do, what
authentication mechanism you're using, and let's forget about the
tomcat-specific hacks for a minute ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Atreya Basu [mailto:[EMAIL PROTECTED]
Sent: Monday, December 01, 2003 4:37 PM
To: Tomcat Users List
Subject: Re: SessionListener
Hi,
Here is how I use the HttpSessionListener.
First I create a Class that implements HttpSessionListener:
package com.gri.web;
import javax.servlet.http.*;
public MySessionListener implements HttpSessionListener
{
private static int num_sessions = 0;
private HttpSession session = null;
public void sessionCreated(HttpSessionEvent se)
{
num_sessions++;
session = se.getSession();
}
public void sessionDestroyed(HttpSessionEvent se)
{ num_session--;}
public static int getNumSessions() {return num_sessions; }
public static HttpSession getLastSession() { return session;}
}
Now include this in the web.xml for your context (directly after
filterfilter-mapping but before Servlet element):
|listener|
||| listener-classcom.gri.web.MySessionListener/listener-class
/listener||
now all you have to do is create a JSP:
jsp:root xmlns:jsp=http://java.sun.com/JSP/Page;
jsp:directive.page import=com.gri.web.* /
jsp:text
html
body
|Last user in session:
/jsp:text
jsp:expression
MySessionListener.getLastSession().getAttribute(j_username)
/jsp:expression
|jsp:text
|Username of current person
/jsp:text
jsp:expression
session.getAttribute(j_username)
/jsp:expression
|/jsp:root
|/body
/html
/jsp:root
Hart, Justin wrote:
Ok, still, I haven't found any documentation on how to add
RE: SessionListener
Won't quite do it, JDBCRealm looks for users in a database, I want to connect a user
TO a database using their credentials, but the code to do this feat will be quite
minimal by comparison.
Thanks for bouncing ideas off me! It's been most fun :-)
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:23 AM
To: Tomcat Users List
Subject: RE: SessionListener
Howdy,
Yes, now you got it ;) It's these simple misunderstandings that often
cause a lot of debate. As a bonus, your approach will work very well in
any J2EE container.
You may not have to do any custom coding, just the JDBC realm.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:22 AM
To: Tomcat Users List
Subject: RE: SessionListener
How will the container get my user logged into the database? My plan
was
to use the username password to authenticate to my database so the
user
only operates with their perms in the database. My original approach
was
through realm, but this left the problem of figuring out which user was
tied to which session.
D'oh!
Nevermind, damnit... I spent a week doing this, and I figured it out.
I wanted to use session ID, which I don't have in the realm, instead, I
use
their principal! The principal isn't unique to the session... but it
doesn't need to be, in fact, it's BETTER if it isn't, because then if
the
same user logs in multiple times, it will share a database connection,
meaning I open fewer database connections (of which there are a
limitted
pool).
Ok, so my realm implementation will authenticate to the database, the
JSP
will use the userprincipal to pair the authenticated user to their
connection... better yet, the hash, so it's a bit more optimal.
*SLAPS FOREHEAD!*
Justin
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:13 AM
To: Tomcat Users List
Subject: RE: SessionListener
Howdy,
Basic authentication. I figured it wouldn't be hard with Form
authentication, but I'm using basic in order to match the look and
feel
of
the rest of the site.
OK, so you have basic authentication. Do you have a security-constraint
defined in web.xml? A login-config? You can let tomcat do the
authentication for you, and then use the HttpServletRequest methods
(getRemoteUser, getUserPrincipal, isUserInRole). This is a standard,
easy, portable way, and you don't have to write any custom tomcat code.
Your webapp will not have access to the user's password, but you won't
need it either since the container will authenticate it for you.
Does that fill your needs?
Yoav Shapira
Yeah, saw the same problem with Basu's implementation, though I did
like
the idea.
Justin
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:00 AM
To: Tomcat Users List
Subject: RE: SessionListener
Howdy,
Senor Basu, your solution is seriously not thread-safe. But that's
for
you to worry about it, maybe it's good enough for your needs ;)
As for Senor Hart's questions:
- HttpSessionListener goes in web.xml, as do all other Servlet
Specification listeners.
- SessionListener goes in server.xml, as do all other Tomcat-specific
listeners.
SessionListener is not tied to HttpSessionListener or HttpSession
directly. You have to do a series of casts. The event object in the
SessionListener's SessionEvent is a catalina-specific Session
implementation. It will also implement the HttpSession interface. So
you can get from one to another by casting, but it's ugly (as is the
whole SessionListener solution).
Let's step back a minute: you have this whole hassle because you want
the user's password. You want the user's password in order to
authenticate the user. But with the getUserPrincipal approach, the
user
is already authenticated if the Principal is not null. Alternatively,
if you have some input screen where the user enters the username and
password, grab them there instead of from the session. I think what's
missing here is the big picture: tell us what you're trying to do,
what
authentication mechanism you're using, and let's forget about the
tomcat-specific hacks for a minute ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Atreya Basu [mailto:[EMAIL PROTECTED]
Sent: Monday, December 01, 2003 4:37 PM
To: Tomcat Users List
Subject: Re: SessionListener
Hi,
Here is how I use the HttpSessionListener.
First I create a Class that implements HttpSessionListener:
package com.gri.web;
import javax.servlet.http.*;
public MySessionListener implements HttpSessionListener
{
private static int num_sessions = 0;
private HttpSession session = null;
public void sessionCreated(HttpSessionEvent se)
{
num_sessions++;
session = se.getSession();
}
public void sessionDestroyed(HttpSessionEvent se)
{ num_session
RE: Argument Type Mismatch
I figured it out, see the SessionListener thread. Instead of worrying about Session IDs, I'll use the principal to identify the user (hell, that's what the rest of the system does). See, I needed a way to pair a user to the connection, if I use a hash of the principal, I can do so just as optimally as any implementation creating the pairing with Session ID (which is a 1 time shot anyway). Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 8:38 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch ahha - the session won't have the password. But the Realm will. (or might not depending on implementation). Actually - the Principal could have the password if it extends GenericPrincipal. If not, you could extend the Realm to ensure it does. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/realm/GenericPrincipal.html -Tim Hart, Justin wrote: I need access to the user's password, which all of the Servlet specific ones seem to guard the programmer from getting access to. Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 8:10 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch Ahh, I see. Why implement SessionListener which is tomcat specific when you can implement the Servlet specific ones in web.xml? Look at the code for SingleSignOn or any code that utilizes it as to how a SessionListener gets registered. I am guessing that you'll actuall need to implement a no-op Vavle that registers the Listener on initialization of the Vavle. But thats just a no code look swag. -Tim Hart, Justin wrote: I thought that there was something related to that, is it that it must implement LifeCycleListener SessionListener, or is SessionListener just not happening? How is it possible, if at all, to add my own SessionListener? Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 7:29 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch In server.xml, Listeners are LifeCycleListeners http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/LifecycleListener.html -Tim Hart, Justin wrote: Listener className=class inheriting from SessionListener/ I get an argument type mismatch error parsing my server.xml... Is there something wrong with this line? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SessionListener
Unfortunately, the paranoia is founded in this case, though I do agree. Justin -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 10:23 AM To: Tomcat Users List Subject: Re: SessionListener Justin, Won't quite do it, JDBCRealm looks for users in a database, I want to connect a user TO a database using their credentials, but the code to do this feat will be quite minimal by comparison. This will make it hard to use a connection pool (which you mentioned that you do/want to do). Is there a particular reason for the database access paranoia? Most apps connect to the db using the same login regardless of the user actually logged in to the application. They use other types of permission checking to see if you can perform some action, instead of relying on thr database for that kind of checking. I absolutely agree that having multiple layers of security is great, but this one may make your application suck really bad, especially if you are using a db like Oracle, where the database connections are anything but lightweight. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Configure tomcat for LDAP
JNDIRealm can be used to authenticate users against an LDAP (I'm guessing in this case ActiveDirectory). You will, however, want to use Basic authentication, and prompt the user username for a username and password. Justin -Original Message- From: Damien Pacaud [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 10:16 AM To: Tomcat Users List Subject: Configure tomcat for LDAP Hi, i want to use LDAP to athenticate my users on a JSP application and would like to know how to configure TOMCAT so that i can acces the login of the current user through a jsp ? for now, i have it all set on apache, in the virtual host using ath_ldap . my problem is that the request.getRemoteUser() method always returns null in my jsp application... but apache writes the login of the user in the acces.log so i guess it is a conf problem with tomcat... Does anyone have an idea, or a url that could halp ?? thanks in advance --- le présent message (ainsi que ses éventuelles pièces jointes) peut contenir des informations confidentielles. Etant établi à l'intention de ses destinataires, son utilisation ou diffusion non autorisée est interdite. Tout message électronique étant susceptible d'altération, Prisma Presse décline toute responsabilité au titre dudit message en cas de falsification. Ce message a été traité par un anti virus et aucun virus connu n'a été détecté. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question using JProfiler with Tomcat
You saw the 30 MB in JProfiler? I haven't used it myself, but I would imagine that JProfiler tares its own consumption off of the scores. Justin -Original Message- From: Laurent Michenaud [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 12:32 PM To: [EMAIL PROTECTED] Subject: Question using JProfiler with Tomcat Hi, I'm using Jprofiler to monitor my web application running on Tomcat. My Webapp uses XML/XSLTC to generate the html page. Looking at the JVM, I was horrified to see that some pages are using more than 30 Mo of memory. So, I've added another webapp that shows the JVM ( graphic in a applet ). This applet shows differents values from Jprofiler about memory consumption. The used memory is not so much. I think it is due to the fact that Jprofiler creates a lot of objects to inspect the JVM. So my conclusion is : Don't use Jprofiler to see our much memory your web application use ! Or divide the obtained values by 3 or 4. What's your opinion about that ? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SessionListener
My SessionListener doesn't seem to be firing, any help? I have a SessionListener that I want to go off when a user authenticates to my web app (this is a correct usage, right?) So, in the web.xml of my app, I would put the lines: web-app listener listener-class the class /listener-class /listener /web-app This should fire off when the user signs in to the page, correct? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SessionListener
Ok, so, the listener in there must implement HttpSessionListener, where can I use SessionListeners? Justin -Original Message- From: Hart, Justin Sent: Monday, December 01, 2003 11:34 AM To: Tomcat Users List (E-mail) Subject: SessionListener My SessionListener doesn't seem to be firing, any help? I have a SessionListener that I want to go off when a user authenticates to my web app (this is a correct usage, right?) So, in the web.xml of my app, I would put the lines: web-app listener listener-class the class /listener-class /listener /web-app This should fire off when the user signs in to the page, correct? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Listening to Session Creation... Need Access to Session
Ok, here's what I've tried. 1) Implement SessionListener, put in web.xml file in listener tags. This never seems to run. 2) Implement HttpSessionListener, put in web.xml file in listener tags. This runs, but doesn't seem to have access to the Session (I need the username and pass off the Session to authenticate to a database). 3) Implement a Valve to do the same. I saw that SingleSignOn uses a valve implementation, and is a SessionListener. I see that it sets itself up to listen to its sessions, but now how this code is ever called! So, my question is: 1) Can I use SessionListener in any meaningful way? Is there a way to add this to my xml files that I am unaware of? 2) Can I get to the Session (or at least the data I need) from HttpSessionListener? 3) Why isn't my valve running? It's just valve className=theClass in my server.xml, right? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Listening to Session Creation... Need Access to Session
What am I looking for in order to get the username/password out of this? I'm using BASIC authentication. Are these credentials dumped somewhere that I could find them? I haven't been able to find that data in HttpSession? Justin -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 2:39 PM To: Tomcat Users List Subject: RE: Listening to Session Creation... Need Access to Session Howdy, 1) Implement SessionListener, put in web.xml file in listener tags. This never seems to run. 2) Implement HttpSessionListener, put in web.xml file in listener tags. This runs, but doesn't seem to have access to the Session (I need the username and pass off the Session to authenticate to a database). 3) Implement a Valve to do the same. I'm not going to waste time on approaches 1 and 3, as they're tomcat-specific. #2 will work: you will get the event, with access to the session, once the session is created. It has no attributes at that time, so any getAttribute call will return null. Perhaps you are really looking for a session attribute listener? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SessionListener
Ok, still, I haven't found any documentation on how to add a SessionListener in the server.xml file, and adding one using the listener tags defined for web.xml files doesn't seem to work. I also haven't seen how to get a user's credentials from a HttpSession, or how to get a Session from an HttpSessionListener. Could you throw me a bone? Justin -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 2:52 PM To: Tomcat Users List Subject: RE: SessionListener Howdy, A SessionListener of the org.apache.catalina variety would go in the same place as all tomcat-specific features: $CATALINA_HOME/conf/server.xml. That means the class specified there must be accessible to the server classloaders, i.e. must reside in common/lib or higher on the classloader hierarchy. The above is true for Valves, Realms, Listeners, etc, that are proprietary to tomcat. Yoav Shapira Millennium ChemInformatics -Original Message- From: Hart, Justin [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 11:53 AM To: Tomcat Users List Subject: RE: SessionListener Ok, so, the listener in there must implement HttpSessionListener, where can I use SessionListeners? Justin -Original Message- From: Hart, Justin Sent: Monday, December 01, 2003 11:34 AM To: Tomcat Users List (E-mail) Subject: SessionListener My SessionListener doesn't seem to be firing, any help? I have a SessionListener that I want to go off when a user authenticates to my web app (this is a correct usage, right?) So, in the web.xml of my app, I would put the lines: web-app listener listener-class the class /listener-class /listener /web-app This should fire off when the user signs in to the page, correct? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SessionListener
I still don't see how one gets a session from HttpSession or user credentials? I see how to get a UserPrincipal, but without the password, I still can't authenticate the user :-/ Am I missing something? Justin -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 3:18 PM To: Tomcat Users List Subject: RE: SessionListener Howdy, Ok, still, I haven't found any documentation on how to add a SessionListener in the server.xml file, and adding one using the listener tags defined for web.xml files doesn't seem to work. The XML is the similar but not quite the same to the portable one: listener className=mypackage.myclass ... / There is a generic example in the Engine configuration reference, and another more specific example in the Host configuration reference. Neither, however, is a SessionListener example. There IS one specific, full-features SessionListener example: the SingleSignOn valve. It's present (but commented out) in server.xml by default, and you can take a look at the source code. It's a more complicated and confusing example because it's also a Valve ;( But then again, I wouldn't even bother with this whole approach when you have the HttpSessionListener as part of the servlet specification. where ... are attributes specific to your listener. (The astute reader would recognize the above as a commons Digester bean-based initialization pattern). I also haven't seen how to get a user's credentials from a HttpSession, or how to get a Session from an HttpSessionListener. Could you throw me a bone? If the user is authenticated by the server, typically the information is not in the session, it's in the request: HttpServletRequest#getUserPrincipal. A common use-case is to stuff this in the session via a filter. If you had an attribute called username that something was stuffing into the session, i.e. something like a filter calling session.setAttribute(username, something), then an HttpSessionAttributeListener's attributeAdded would be called with the attribute name and latest value. Yoav This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SessionListener
If this can be done with HttpSessionListener, than I am game. What I want to do, is get the username and password when the user signs on, so I can then use this data to authenticate the user to other programs as themselves. I'm using BASIC authentication, and trying to avoid having them sign on a second time, any way to get the username and password using HttpSessionListener without having them retype the data? Justin -Original Message- From: Atreya Basu [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 4:07 PM To: Tomcat Users List Subject: Re: SessionListener Sorry, I should have added to this earlier, but I thought that SessionListener should go in the web.xml document under the Listener element. Or am I thinking about HttpSessionListener which is different Anyways if it is HttpSessionListener that you are talking about I can provide some examples. Cheers, Shapira, Yoav wrote: Howdy, Ok, still, I haven't found any documentation on how to add a SessionListener in the server.xml file, and adding one using the listener tags defined for web.xml files doesn't seem to work. The XML is the similar but not quite the same to the portable one: listener className=mypackage.myclass ... / There is a generic example in the Engine configuration reference, and another more specific example in the Host configuration reference. Neither, however, is a SessionListener example. There IS one specific, full-features SessionListener example: the SingleSignOn valve. It's present (but commented out) in server.xml by default, and you can take a look at the source code. It's a more complicated and confusing example because it's also a Valve ;( But then again, I wouldn't even bother with this whole approach when you have the HttpSessionListener as part of the servlet specification. where ... are attributes specific to your listener. (The astute reader would recognize the above as a commons Digester bean-based initialization pattern). I also haven't seen how to get a user's credentials from a HttpSession, or how to get a Session from an HttpSessionListener. Could you throw me a bone? If the user is authenticated by the server, typically the information is not in the session, it's in the request: HttpServletRequest#getUserPrincipal. A common use-case is to stuff this in the session via a filter. If you had an attribute called username that something was stuffing into the session, i.e. something like a filter calling session.setAttribute(username, something), then an HttpSessionAttributeListener's attributeAdded would be called with the attribute name and latest value. Yoav This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Developer Greenfield Research Inc. atreya(AT)greenfieldresearch(DOT)ca (902)422-9426 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Argument Type Mismatch
Listener className=class inheriting from SessionListener/ I get an argument type mismatch error parsing my server.xml... Is there something wrong with this line? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Argument Type Mismatch
I thought that there was something related to that, is it that it must implement LifeCycleListener SessionListener, or is SessionListener just not happening? How is it possible, if at all, to add my own SessionListener? Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 7:29 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch In server.xml, Listeners are LifeCycleListeners http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/LifecycleListener.html -Tim Hart, Justin wrote: Listener className=class inheriting from SessionListener/ I get an argument type mismatch error parsing my server.xml... Is there something wrong with this line? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Argument Type Mismatch
I need access to the user's password, which all of the Servlet specific ones seem to guard the programmer from getting access to. Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 8:10 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch Ahh, I see. Why implement SessionListener which is tomcat specific when you can implement the Servlet specific ones in web.xml? Look at the code for SingleSignOn or any code that utilizes it as to how a SessionListener gets registered. I am guessing that you'll actuall need to implement a no-op Vavle that registers the Listener on initialization of the Vavle. But thats just a no code look swag. -Tim Hart, Justin wrote: I thought that there was something related to that, is it that it must implement LifeCycleListener SessionListener, or is SessionListener just not happening? How is it possible, if at all, to add my own SessionListener? Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 7:29 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch In server.xml, Listeners are LifeCycleListeners http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/LifecycleListener.html -Tim Hart, Justin wrote: Listener className=class inheriting from SessionListener/ I get an argument type mismatch error parsing my server.xml... Is there something wrong with this line? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: nsapi_redirect.dll
You mean asapi_redirect.dll? I don't know what net.commerce 3 is, but you'd use asapi_redirect.dll to connect to IIS (and I would assume any web server that uses asapi). Justin -Original Message- From: Wilson Chang [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 11:03 PM To: '[EMAIL PROTECTED]' Cc: Wilson Chang Subject: nsapi_redirect.dll To whom it may conern, I am a tomcat, net.commerce 3 user, I would like to use tomcat to integrate with Net.Commerce, I found some of the document about how to do it. However, it needs nsapi_redirect.dll, but I can't find where to d/l it. anyone can help to let me d/l it ? many thanks, Wilson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Security Hole - server.xml
You're not reusing the passwords anywhere else in the system (IE, you don't have a multi-tier login, do you?) If you do, you can quite feasibly shadow the passwords. I don't know if such an implementation exists in tomcat, but I would assume that someone, somewhere, has written a realm implementation that works with a .htaccess file, if not, you can always connect Tomcat to Apache. Having written a customized realm implementation only yesterday, I can assure you that it isn't too terribly difficult to do so, as the security is pretty well laid out in Tomcat. Justin -Original Message- From: Curley, Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 8:53 AM To: Tomcat Users List Subject: RE: Security Hole - server.xml I'd feel more secure with an MD5 or SHA1 encrypted user and password that relying on unix file level security - what happens if a hacker gets root priv's ? thanks Thomas -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 13:51 To: Tomcat Users List Subject: Re: Security Hole - server.xml The username and password still need decrypted at some time. It just makes the attacker jump through 1 hoop. Using file permissions on the config file as well and server security are the ways to go. -Tim Curley, Thomas wrote: Hi all, A direct question arising from a security review :- Using a datasource it is possible to remove the 'username', 'password' or at least encrypt them using someting like MD5 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] * This email and any attachments are confidential and intended for the sole use of the intended recipient(s).If you receive this email in error please notify [EMAIL PROTECTED] and delete it from your system. Any unauthorized dissemination, retransmission, or copying of this email and any attachments is prohibited. Euroconex does not accept any responsibility for any breach of confidence, which may arise from the use of email. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the Company. This message has been scanned for known computer viruses. * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Security Hole - server.xml
Well, right, but if you were to inherit from the realm that you wanted to use, you can manipulate the password field in any way that you wish. Unix password shadows are plantext, as are MD5 hashes. All you do now is run MD5 over the password field in the authenticate method, and viola, you have MD5 to store your passwords with. Justin -Original Message- From: Curley, Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 1:13 PM To: Tomcat Users List Subject: RE: Security Hole - server.xml Note - in reply to Justin - I don't have a multi-tier login So to sumarise I guess the ansswer to this is that Tomcat currently does not support encrypted datasource user/passwd or does not allow the option to enter user/passwd at startup The most one can do is to apply strict unix permissions to server.xml Thomas -Original Message- From: Bob Jacoby [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 17:10 To: [EMAIL PROTECTED] Subject: RE: Security Hole - server.xml I consider things like this. By encrypting the password I'm protecting against casual learning of the password. I'm not really referring to hackers, but administrators of the system. There's a big difference between a hacker and an administrator. What if I need the administrator to add a new entry? Do I tell him to not look at the other entries or hold up some Men in Black gizmo after he's done to make him forget what he saw? How can I prove that the admin knowingly looked at the file to get the passwords as opposed to just making a mistake? If the passwords are encrypted the administrator would have to take a deliberate action to learn the passwords that generally can't be chalked up to a mistake. I think a similar argument applies to why Unix passwords are encrypted. By some of the arguments I've seen in response to the original post people seem to think that if a specific security precaution doesn't absolutely protect the system there's no point in doing it. By that argument, and given that there are no absolutes with respect to security, what's the point of implementing any security in the first place? This question is to those who say it's pointless to encrypt the passwords since they can be discovered via some means - not a general question of why any security should be implemented. :) Bob [EMAIL PROTECTED] 11/26/03 08:09AM From: Curley, Thomas [mailto:[EMAIL PROTECTED] I'd feel more secure with an MD5 or SHA1 encrypted user and password that relying on unix file level security - what happens if a hacker gets root priv's ? Er ... Without wishing to flame, but if they've got root priv's they can do what they like! They could still sniff the network and get this info what ever the app server, unless you DB server supports SSL in which case it becomes more complex. Although weblogic appears to encrypt this, if you script the startup, the admin username/password is still avaliable and hence the encrypted passwords can be unencrypted (as the app server has to send the password to the DB) - so you just slow someone down, but if they have some brains will get through eventually. Greg thanks Thomas -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 13:51 To: Tomcat Users List Subject: Re: Security Hole - server.xml The username and password still need decrypted at some time. It just makes the attacker jump through 1 hoop. Using file permissions on the config file as well and server security are the ways to go. -Tim Curley, Thomas wrote: Hi all, A direct question arising from a security review :- Using a datasource it is possible to remove the 'username', 'password' or at least encrypt them using someting like MD5 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** *** This email and any attachments are confidential and intended for the sole use of the intended recipient(s).If you receive this email in error please notify [EMAIL PROTECTED] and delete it from your system. Any unauthorized dissemination, retransmission, or copying of this email and any attachments is prohibited. Euroconex does not accept any responsibility for any breach of confidence, which may arise from the use of email. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the Company. This message has been scanned for known computer viruses. ** *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
RE: Security Hole - server.xml
No prob, good luck. -Original Message- From: Curley, Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 1:21 PM To: Tomcat Users List Subject: RE: Security Hole - server.xml thanks for your time Justin - I will look into this - T -Original Message- From: Hart, Justin [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 18:17 To: Tomcat Users List Subject: RE: Security Hole - server.xml Well, right, but if you were to inherit from the realm that you wanted to use, you can manipulate the password field in any way that you wish. Unix password shadows are plantext, as are MD5 hashes. All you do now is run MD5 over the password field in the authenticate method, and viola, you have MD5 to store your passwords with. Justin -Original Message- From: Curley, Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 1:13 PM To: Tomcat Users List Subject: RE: Security Hole - server.xml Note - in reply to Justin - I don't have a multi-tier login So to sumarise I guess the ansswer to this is that Tomcat currently does not support encrypted datasource user/passwd or does not allow the option to enter user/passwd at startup The most one can do is to apply strict unix permissions to server.xml Thomas -Original Message- From: Bob Jacoby [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 17:10 To: [EMAIL PROTECTED] Subject: RE: Security Hole - server.xml I consider things like this. By encrypting the password I'm protecting against casual learning of the password. I'm not really referring to hackers, but administrators of the system. There's a big difference between a hacker and an administrator. What if I need the administrator to add a new entry? Do I tell him to not look at the other entries or hold up some Men in Black gizmo after he's done to make him forget what he saw? How can I prove that the admin knowingly looked at the file to get the passwords as opposed to just making a mistake? If the passwords are encrypted the administrator would have to take a deliberate action to learn the passwords that generally can't be chalked up to a mistake. I think a similar argument applies to why Unix passwords are encrypted. By some of the arguments I've seen in response to the original post people seem to think that if a specific security precaution doesn't absolutely protect the system there's no point in doing it. By that argument, and given that there are no absolutes with respect to security, what's the point of implementing any security in the first place? This question is to those who say it's pointless to encrypt the passwords since they can be discovered via some means - not a general question of why any security should be implemented. :) Bob [EMAIL PROTECTED] 11/26/03 08:09AM From: Curley, Thomas [mailto:[EMAIL PROTECTED] I'd feel more secure with an MD5 or SHA1 encrypted user and password that relying on unix file level security - what happens if a hacker gets root priv's ? Er ... Without wishing to flame, but if they've got root priv's they can do what they like! They could still sniff the network and get this info what ever the app server, unless you DB server supports SSL in which case it becomes more complex. Although weblogic appears to encrypt this, if you script the startup, the admin username/password is still avaliable and hence the encrypted passwords can be unencrypted (as the app server has to send the password to the DB) - so you just slow someone down, but if they have some brains will get through eventually. Greg thanks Thomas -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 13:51 To: Tomcat Users List Subject: Re: Security Hole - server.xml The username and password still need decrypted at some time. It just makes the attacker jump through 1 hoop. Using file permissions on the config file as well and server security are the ways to go. -Tim Curley, Thomas wrote: Hi all, A direct question arising from a security review :- Using a datasource it is possible to remove the 'username', 'password' or at least encrypt them using someting like MD5 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** *** This email and any attachments are confidential and intended for the sole use of the intended recipient(s).If you receive this email in error please notify [EMAIL PROTECTED] and delete it from your system. Any unauthorized dissemination, retransmission, or copying of this email and any attachments is prohibited. Euroconex does not accept any responsibility for any breach of confidence, which may arise from the use of email. Please note that any views or opinions presented
Tomcat Multi-Tier Authentication
Is there anywhere in tomcat that there is convenient access to: 1) The authenticated principal 2) The session 3) The private credentials associated with the principal Or even just the username, password and session? I want to authenticate a user to my database (IE, the guy who logs into the site logs into the database software as well), and associate this connection with the session ID (the database connection occurs in some RMI routines). Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 4.1.27/IE 6.0 Lockup
http://www.dcs.napier.ac.uk/~shaun/rtse/week06.pdf :-) Justin -Original Message- From: Antonio Fiol Bonnín [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 3:42 PM To: Tomcat Users List Subject: Re: Tomcat 4.1.27/IE 6.0 Lockup Hi, What do you mean by real-time? Red.es uses Tomcat for the Spanish NIC domain registration system. Good experience so far... If you want sth more specific, please ask me privately. Antonio Fiol S R wrote: Chris, Yup - quite a busy front end! Typically 100 dynamic objects (images swaps, formatted numbers) displaying factory data. Doe anybody have experience of Tomcat being used 24x7x365 for real-time type applications? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Extending JNDIRealm
Ok, why?
What am I doing that should cause a stack overflow?
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 7:26 PM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Odd, based on what I see so far, I would expect it to crash with a
StackOverFlow exception.
-Tim
Hart, Justin wrote:
Whoops, the code is actually as follows...
No sure what's going on with this code... I'm attempting to extend JNDIRealm so I
can add a few features I need for my site, I have an interesting issue, however.
If, I try this :
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username);
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
username gets printed, and the system works properly
However, if I try something akin to this
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username.length());
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
It crashes with a null pointer exception.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Extending JNDIRealm
I *cough* didn't download the JNDIRealm code. I'll go look into that.
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 9:28 AM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Based on what I saw so far ...
In JNDIRealm authenticate(String, String) gets a DirContext and calls
authenticate(DirContext, String, String).
Your code snippet which I assume overrides, authenticate(DirContext, String,
String) which calls super.authenticate(String, String).
Then ... super.authenticate(String, String) calls authenticate(DirContext,
String, String) which you had overridden which is indirect recursion.
-Tim
Hart, Justin wrote:
Ok, why?
What am I doing that should cause a stack overflow?
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 7:26 PM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Odd, based on what I see so far, I would expect it to crash with a
StackOverFlow exception.
-Tim
Hart, Justin wrote:
Whoops, the code is actually as follows...
No sure what's going on with this code... I'm attempting to extend JNDIRealm so I
can add a few features I need for my site, I have an interesting issue, however.
If, I try this :
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username);
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
username gets printed, and the system works properly
However, if I try something akin to this
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username.length());
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
It crashes with a null pointer exception.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Extending JNDIRealm
Wait, reading the stack trace doesn't show anything like that.
No, that can't be the issue.
Justin
-Original Message-
From: Hart, Justin
Sent: Tuesday, November 25, 2003 9:30 AM
To: Tomcat Users List
Subject: RE: Extending JNDIRealm
I *cough* didn't download the JNDIRealm code. I'll go look into that.
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 9:28 AM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Based on what I saw so far ...
In JNDIRealm authenticate(String, String) gets a DirContext and calls
authenticate(DirContext, String, String).
Your code snippet which I assume overrides, authenticate(DirContext, String,
String) which calls super.authenticate(String, String).
Then ... super.authenticate(String, String) calls authenticate(DirContext,
String, String) which you had overridden which is indirect recursion.
-Tim
Hart, Justin wrote:
Ok, why?
What am I doing that should cause a stack overflow?
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 7:26 PM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Odd, based on what I see so far, I would expect it to crash with a
StackOverFlow exception.
-Tim
Hart, Justin wrote:
Whoops, the code is actually as follows...
No sure what's going on with this code... I'm attempting to extend JNDIRealm so I
can add a few features I need for my site, I have an interesting issue, however.
If, I try this :
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username);
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
username gets printed, and the system works properly
However, if I try something akin to this
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username.length());
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
It crashes with a null pointer exception.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Extending JNDIRealm
Read through the code, ran some example stuff. What I'm doing in my implementation is
fine.
Justin
-Original Message-
From: Hart, Justin
Sent: Tuesday, November 25, 2003 9:31 AM
To: Tomcat Users List
Subject: RE: Extending JNDIRealm
Wait, reading the stack trace doesn't show anything like that.
No, that can't be the issue.
Justin
-Original Message-
From: Hart, Justin
Sent: Tuesday, November 25, 2003 9:30 AM
To: Tomcat Users List
Subject: RE: Extending JNDIRealm
I *cough* didn't download the JNDIRealm code. I'll go look into that.
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 9:28 AM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Based on what I saw so far ...
In JNDIRealm authenticate(String, String) gets a DirContext and calls
authenticate(DirContext, String, String).
Your code snippet which I assume overrides, authenticate(DirContext, String,
String) which calls super.authenticate(String, String).
Then ... super.authenticate(String, String) calls authenticate(DirContext,
String, String) which you had overridden which is indirect recursion.
-Tim
Hart, Justin wrote:
Ok, why?
What am I doing that should cause a stack overflow?
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 7:26 PM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Odd, based on what I see so far, I would expect it to crash with a
StackOverFlow exception.
-Tim
Hart, Justin wrote:
Whoops, the code is actually as follows...
No sure what's going on with this code... I'm attempting to extend JNDIRealm so I
can add a few features I need for my site, I have an interesting issue, however.
If, I try this :
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username);
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
username gets printed, and the system works properly
However, if I try something akin to this
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username.length());
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
It crashes with a null pointer exception.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Extending JNDIRealm
Ok, for those interested, here's the real issue.
At some point in time (I don't know enough about tomcat to know when or why), before
it Tomcat has your username (at least with my config files, but it looks common since
JNDIRealm is checking for it too), authenticate is called with a null username. Since
the username is null, taking its length causes a null pointer exception. I added a
check, and now it works fine.
Justin
-Original Message-
From: Hart, Justin
Sent: Tuesday, November 25, 2003 10:19 AM
To: Tomcat Users List
Subject: RE: Extending JNDIRealm
Read through the code, ran some example stuff. What I'm doing in my implementation is
fine.
Justin
-Original Message-
From: Hart, Justin
Sent: Tuesday, November 25, 2003 9:31 AM
To: Tomcat Users List
Subject: RE: Extending JNDIRealm
Wait, reading the stack trace doesn't show anything like that.
No, that can't be the issue.
Justin
-Original Message-
From: Hart, Justin
Sent: Tuesday, November 25, 2003 9:30 AM
To: Tomcat Users List
Subject: RE: Extending JNDIRealm
I *cough* didn't download the JNDIRealm code. I'll go look into that.
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 9:28 AM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Based on what I saw so far ...
In JNDIRealm authenticate(String, String) gets a DirContext and calls
authenticate(DirContext, String, String).
Your code snippet which I assume overrides, authenticate(DirContext, String,
String) which calls super.authenticate(String, String).
Then ... super.authenticate(String, String) calls authenticate(DirContext,
String, String) which you had overridden which is indirect recursion.
-Tim
Hart, Justin wrote:
Ok, why?
What am I doing that should cause a stack overflow?
Justin
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 7:26 PM
To: Tomcat Users List
Subject: Re: Extending JNDIRealm
Odd, based on what I see so far, I would expect it to crash with a
StackOverFlow exception.
-Tim
Hart, Justin wrote:
Whoops, the code is actually as follows...
No sure what's going on with this code... I'm attempting to extend JNDIRealm so I
can add a few features I need for my site, I have an interesting issue, however.
If, I try this :
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username);
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
username gets printed, and the system works properly
However, if I try something akin to this
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username.length());
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
It crashes with a null pointer exception.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Access to Session ID from Realm
Is there a way to get at the Session ID from RealmBase? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Extending JNDIRealm
No sure what's going on with this code... I'm attempting to extend JNDIRealm so I can
add a few features I need for my site, I have an interesting issue, however.
If, I try this :
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username);
super.authenticate(username, credentials);
}
username gets printed, and the system works properly
However, if I try something akin to this
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username.length());
super.authenticate(username, credentials);
}
It crashes with a null pointer exception.
Eh?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Extending JNDIRealm
Whoops, the code is actually as follows...
No sure what's going on with this code... I'm attempting to extend JNDIRealm so I can
add a few features I need for my site, I have an interesting issue, however.
If, I try this :
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username);
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
username gets printed, and the system works properly
However, if I try something akin to this
public Principal authenticate(DirContext context, String username, String
credentials) throws NamingException {
Principal authPrincipal = null;
System.out.println(username.length());
authPrincipal = super.authenticate(username, credentials);
return authPrincipal;
}
It crashes with a null pointer exception.
Eh?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Realm Username Password from TagSupport
I would like to use a users username/password to login to a database as that user, after they authenticate HOPEFULLY using BASIC authentication. Is there anyway to do this? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: When is Tomcat 5 Release version scheduled to come out?
Only if you don't plan on releasing until the release is out, imhop. Justin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 2:08 PM To: Tomcat Users List Subject: Re: When is Tomcat 5 Release version scheduled to come out? Is it a good idea to use Tomcat 5 beta for develop and production if we wanted the clustering capabilities? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [off-topic] jakarta, java, indonesia
Sun's a big company, they probably named their conference room in order to distinguish it from other conference rooms. Jakarta, seems to me, to just be more interesting than A, B, C... Just like when you stay at a hotel and all of the conference rooms have names. Justin -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 2:18 PM To: 'Tomcat Users List' Subject: RE: [off-topic] jakarta, java, indonesia Oh yeah, 'not coincidentally' they say. I wonder why they name their conference room 'jakarta' in the first place anyways. I don't name my bedroom 'Tokyo Garden'... -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 12:04 PM To: Tomcat Users List Subject: RE: [off-topic] jakarta, java, indonesia Howdy, Actually, Jakarta was the name of the Sun conference room in which the majority of the meetings leading up to the agreement took place; not coincidentally, it's also the name of Indonesia's capital.). The meetings and agreement above were between Sun and Apache to come up with an open-source reference implementation of the Servlet and JSP APIs. See http://www.javaworld.com/javaworld/jw-06-1999/jw-06-sunapache.html Yoav Shapira Millennium ChemInformatics -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 1:32 PM To: 'Tomcat Users List' Subject: [off-topic] jakarta, java, indonesia Sorry, What's the connection between this place and the name of jakarta we use? The creator of the jakarta project was born there? Thanks! -Original Message- From: Rodrigo Ruiz [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 1:39 AM To: Tomcat Users List Subject: Re: hot deploy Leonardo Kenji Shikida wrote: is there an easy way to deploy a web application over another existent one without stopping tomcat and without killing the current sessions? Hi Leonardo, You can redeploy a webapp through the admin or manager applications. I have not tested myself, but I think that if you configure a persistent session manager (you can find more info on this in the configuration reference), active sessions should be stored before the webapp shutdown, and reloaded upong restarting it. HTH, Rodrigo Ruiz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Realm Username Password from TagSupport
I would like to authenticate my users with my database without prompting them a second time for a username and password. I have considered creating a subclass of JNDIRealm in order to do this, but I am resisting the urge to do this, figuring that there must be an easier way to implement mulit-tiered security with Tomcat. Unfortunately, somewhere, I need to be able to access the user's password in order to do this. So, what I'm wondering is if there is either a listener that I could implement, from which I could listen to users authenticating and use their username/password combos to login to my database, and then just associate this with their session ID, or if perhaps the user's password is accessible in some way, shape, or form from TagSupport. Justin -Original Message- From: Bryan LaPlante [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 2:20 PM To: Tomcat Users List Subject: Re: Realm Username Password from TagSupport Are you saying that you want to build a custom tag to do this. In any case here is the connection logic http://www.kickjava.com/1541.htm - Original Message - From: Hart, Justin [EMAIL PROTECTED] To: Tomcat Users List (E-mail) [EMAIL PROTECTED] Sent: Friday, November 21, 2003 12:27 PM Subject: Realm Username Password from TagSupport I would like to use a users username/password to login to a database as that user, after they authenticate HOPEFULLY using BASIC authentication. Is there anyway to do this? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Realm Username Password from TagSupport
Well, I want to authenticate them to my database, when they get authenticated for application (IE, login to MS SQL Server when they log into my site). I'm using BASIC authentication at the moment, but considering moving to form (since obviously the variable would get set in the form). I am, however, quite interested in continuing to use BASIC authentication, if at all possible, and still achieve this. I know I can do this by creating a subclass of JNDIRealm, and authenticating to my database from there, but it strikes me as a much better solution to have a listener that listens for signons, and then allow web apps to register for a sign-on type event. I figured that there must be some way to get to this information, as their seem to be several third party products that provide the programmer with at least similar functionality. Justin -Original Message- From: Bryan LaPlante [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 2:47 PM To: Tomcat Users List Subject: Re: Realm Username Password from TagSupport When your form is submitted, if you are looking up the user from the context you can keep that info in a session var. Be careful not to use cookie sessions for that since you don't want to send the passwd back to the client unless using SSL. TagSupport only offers a way to read in the body of your tag and encapsulate code used by the page author. I am assuming your are talking about 2 access points in the same application context. - Original Message - From: Hart, Justin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, November 21, 2003 1:24 PM Subject: RE: Realm Username Password from TagSupport I would like to authenticate my users with my database without prompting them a second time for a username and password. I have considered creating a subclass of JNDIRealm in order to do this, but I am resisting the urge to do this, figuring that there must be an easier way to implement mulit-tiered security with Tomcat. Unfortunately, somewhere, I need to be able to access the user's password in order to do this. So, what I'm wondering is if there is either a listener that I could implement, from which I could listen to users authenticating and use their username/password combos to login to my database, and then just associate this with their session ID, or if perhaps the user's password is accessible in some way, shape, or form from TagSupport. Justin -Original Message- From: Bryan LaPlante [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 2:20 PM To: Tomcat Users List Subject: Re: Realm Username Password from TagSupport Are you saying that you want to build a custom tag to do this. In any case here is the connection logic http://www.kickjava.com/1541.htm - Original Message - From: Hart, Justin [EMAIL PROTECTED] To: Tomcat Users List (E-mail) [EMAIL PROTECTED] Sent: Friday, November 21, 2003 12:27 PM Subject: Realm Username Password from TagSupport I would like to use a users username/password to login to a database as that user, after they authenticate HOPEFULLY using BASIC authentication. Is there anyway to do this? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
My Solution to Intercepting Login Information Realm Username Password from TagSupport
I think that what we BOTH need to do in this case is create a subclass of whatever realm we are using, and using this subclass provide our specific functionality, in my case authenticating to a database, in yours logging. Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: My Solution to Intercepting Login Information Realm Username Password from TagSupport
You and Gary related? Yeah, I use getRemoteUser() elsewhere, but have already started my multi-tiered authentication implementation by subclassing JNDIRealm, seems to work well enough :-) Justin Justin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 3:54 PM To: Tomcat Users List Subject: Re: My Solution to Intercepting Login Information Realm Username Password from TagSupport On 11/21/2003 09:11 PM Hart, Justin wrote: I think that what we BOTH need to do in this case is create a subclass of whatever realm we are using, and using this subclass provide our specific functionality, in my case authenticating to a database, in yours logging. I just tried searching the archives to find the thread but it's so slow I am getting frustrated - basically I'm not a guru if you weigh my questions against my answers on this list, but I did answer that question to say you cannot intercept login info when using CMS but you can get, after the event, the login name from request.getRemoteUser(). Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Configuration via database, rather than XML
I heard that it is possible to load Tomcat configurations from a database rather than from server.xml/web.xml files. Is this true? Is this difficult to configure? Are there shortcomings in this configuration? Justin
RE: Configuration via database, rather than XML
Cool, thanks. Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Wed 11/19/2003 11:43 AM To: Tomcat Users List Cc: Subject: Re: Configuration via database, rather than XML Not true. -Tim Hart, Justin wrote: I heard that it is possible to load Tomcat configurations from a database rather than from server.xml/web.xml files. Is this true? Is this difficult to configure? Are there shortcomings in this configuration? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Testing] Am I blacklisted?
Could I suggest the formation of such a list? j/k Justin -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 8:59 AM To: Tomcat Users List Subject: RE: Testing] Am I blacklisted? Howdy, There's no such thing as being blacklisted on this list ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Holger Klawitter [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 8:15 AM To: Tomcat Users List Subject: [OT: Testing] Am I blacklisted? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, my last mails did not arrive timely on the list. This mail is being sent 2003-11-17 14:14 MET. Let's see when it arrives. Mit freundlichem Gruß / With kind regards Holger Klawitter - -- lists at klawitter dot de -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/uMns1Xdt0HKSwgYRAu87AKCJpR9qfRIrQSPay4mwih2SGQqclACfRoz3 HFIigSj16bqgOjbtlWtsGcg= =tONc -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Testing] Am I blacklisted?
Ahh, that would explain why the traffic has been so light these days ;-) Justin -Original Message- From: Francois JEANMOUGIN [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 9:08 AM To: Tomcat Users List Subject: RE: Testing] Am I blacklisted? It exists, but you're probably blacklisted on it :) -Message d'origine- De : Hart, Justin [mailto:[EMAIL PROTECTED] Envoyé : lundi 17 novembre 2003 15:03 À : Tomcat Users List Objet : RE: Testing] Am I blacklisted? Could I suggest the formation of such a list? j/k Justin -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 8:59 AM To: Tomcat Users List Subject: RE: Testing] Am I blacklisted? Howdy, There's no such thing as being blacklisted on this list ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Holger Klawitter [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 8:15 AM To: Tomcat Users List Subject: [OT: Testing] Am I blacklisted? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, my last mails did not arrive timely on the list. This mail is being sent 2003-11-17 14:14 MET. Let's see when it arrives. Mit freundlichem Gruß / With kind regards Holger Klawitter - -- lists at klawitter dot de -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/uMns1Xdt0HKSwgYRAu87AKCJpR9qfRIrQSPay4mwih2SGQqclACfRoz3 HFIigSj16bqgOjbtlWtsGcg= =tONc -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
End of Session Event?
Is there an event listener or something that can detect when Tomcat decides to close a session with a user? IE this would hit both explicit logoff and incidental (the user closes the browser, and cookies expire and good things like that). Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Testing] Am I blacklisted?
Well, it is the start of Winter in North America, perhaps all of us are experiencing seasonal depression ;-) Justin -Original Message- From: Januski, Ken [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 11:46 AM To: Tomcat Users List Subject: RE: Testing] Am I blacklisted? Must be a slow-starting work week. -Original Message- From: Hart, Justin [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 9:20 AM To: Tomcat Users List Subject: RE: Testing] Am I blacklisted? Ahh, that would explain why the traffic has been so light these days ;-) Justin -Original Message- From: Francois JEANMOUGIN [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 9:08 AM To: Tomcat Users List Subject: RE: Testing] Am I blacklisted? It exists, but you're probably blacklisted on it :) -Message d'origine- De : Hart, Justin [mailto:[EMAIL PROTECTED] Envoyé : lundi 17 novembre 2003 15:03 À : Tomcat Users List Objet : RE: Testing] Am I blacklisted? Could I suggest the formation of such a list? j/k Justin -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 8:59 AM To: Tomcat Users List Subject: RE: Testing] Am I blacklisted? Howdy, There's no such thing as being blacklisted on this list ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Holger Klawitter [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 8:15 AM To: Tomcat Users List Subject: [OT: Testing] Am I blacklisted? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, my last mails did not arrive timely on the list. This mail is being sent 2003-11-17 14:14 MET. Let's see when it arrives. Mit freundlichem Gruß / With kind regards Holger Klawitter - -- lists at klawitter dot de -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/uMns1Xdt0HKSwgYRAu87AKCJpR9qfRIrQSPay4mwih2SGQqclACfRoz3 HFIigSj16bqgOjbtlWtsGcg= =tONc -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: End of Session Event?
Heh, works for me. Thanks. Justin -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 11:56 AM To: Tomcat Users List Subject: Re: End of Session Event? Justin, Is there an event listener or something that can detect when Tomcat decides to close a session with a user? IE this would hit both explicit logoff and incidental (the user closes the browser, and cookies expire and good things like that). Uhh... how about javax.servlet.http.HttpSessionListener? -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Microsoft Certificate Services
I'm having a bear of a time getting certificates from Microsoft Certificate Services into my java keystore. Has anyone else had this problem? Does anybody have a relatively good/simple solution? No matter what I do, keytool says that my certificate file is not in the correct format. Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: UNSUBSCRIBE!!!
Read the bottom of your email... Justin -Original Message- From: Jean B. Denis [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 6:50 PM To: 'Tomcat Users List' Subject: RE: UNSUBSCRIBE!!! Me t -Original Message- From: ArcherDaPunk [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 4:46 PM To: Tomcat Users List Subject: UNSUBSCRIBE!!! UNSUBSCRIBE ME PLEASE! OR TELL ME HOW!! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help : Linux Debian
Download the Sun java installation that installs from a shell script, it runs fine. Also, Debian used to maintain a java package in their contrib branch, if you're using dselect via ftp. I've been on RedHat for about 6 months now, but I switched from Debian essentially to check up on my portfolio... now I just need them to hit $200 a share again. Justin -Original Message- From: Goehring, Chuck Mr., RCI - San Diego [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 11:59 AM To: Tomcat Users List Subject: RE: Help : Linux Debian Roberto, A few days ago, I went looking for Java for Debian when I was deciding which Linux port to use on a machine I was rebuilding. There is no Java from Sun that claims to run on it. The non-Sun compilers and libs for Java are available for Debian, but may not be complete. Their site has some info, but it didn't look very encouraging to me. I went back to Redhat. If you get it running, I'd like to hear about it. Chuck -Original Message- From: Roberto Bottoni - AfterBit (TMP) [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 1:58 AM To: Tomcat Users List Subject: Help : Linux Debian Anyone has successfully installed Apache 2 and Tomcat 4.1.29 on Debian? And most important.. the integration between Apache and Tomcat !! Roberto - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help : Linux Debian
People use Debian stable w/o compiling their own kernel/compiler/web servers? I thought that that was what unstable was for... except for the kernel part ;-) Justin -Original Message- From: James Neville [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 12:15 PM To: Tomcat Users List Subject: Re: Help : Linux Debian Guys, We're using an Apache 2/Tomcat 4.1.29 setup on Debian. Been running it for 13 months now (with older versions of Tomcat of course ;) ) Running several virtual hosts, some with Struts. All fine and dandy over here. Admittedly, we had the usual configuration woes, but I fail to see how Debian should differ from any other distro. True, it has a nice package manager; but thats unfortunately gone pretty much out of the window seeing as everything was compiled from source. Last time I checked the stable distro, Tomcat was still on v3, though I think the development branch had 4.0.something. not ideal. If you need any help/guidance, mail me off list, i'd be glad to help. Regards, James. Hart, Justin wrote: Download the Sun java installation that installs from a shell script, it runs fine. Also, Debian used to maintain a java package in their contrib branch, if you're using dselect via ftp. I've been on RedHat for about 6 months now, but I switched from Debian essentially to check up on my portfolio... now I just need them to hit $200 a share again. Justin -Original Message- From: Goehring, Chuck Mr., RCI - San Diego [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 11:59 AM To: Tomcat Users List Subject: RE: Help : Linux Debian Roberto, A few days ago, I went looking for Java for Debian when I was deciding which Linux port to use on a machine I was rebuilding. There is no Java from Sun that claims to run on it. The non-Sun compilers and libs for Java are available for Debian, but may not be complete. Their site has some info, but it didn't look very encouraging to me. I went back to Redhat. If you get it running, I'd like to hear about it. Chuck -Original Message- From: Roberto Bottoni - AfterBit (TMP) [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 1:58 AM To: Tomcat Users List Subject: Help : Linux Debian Anyone has successfully installed Apache 2 and Tomcat 4.1.29 on Debian? And most important.. the integration between Apache and Tomcat !! Roberto - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help : Linux Debian
Lots of Debian users compile just about everything from souds. I don't think that he means just Tomcat. A lot of us recompile our kernel from source, our compiler from source, and so forth. A lot of Linux users pick debian because it has a flexible package manager that will put up with us tinkering with our systems. Justin -Original Message- From: Harry Mantheakis [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 1:49 PM To: Tomcat Users List Subject: Re: Help : Linux Debian Hi James Admittedly, we had the usual configuration woes, but I fail to see how Debian should differ from any other distro. True, it has a nice package manager; but thats unfortunately gone pretty much out of the window seeing as everything was compiled from source. If you do not mind me asking: why would you need to re-compile Tomcat from source? Harry Mantheakis London, UK - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Server Tweaking
Hi, I've read of people having difficulties with their tomcat servers, where no page shows up the first time they try to load a page, and then when they hit refresh, it loads fine. I understand that this is just a tweaking issue with the config files, and have heard that there are a few standard steps that people can take to get around this. Anybody care to share? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Server Tweaking
K, I have this issue, and I've heard of it. Anybody got a fix? Justin -Original Message- From: David Rees [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2003 1:40 PM To: Tomcat Users List Subject: Re: Server Tweaking On Fri, November 7, 2003 at 6:36 am, Hart, Justin wrote: Hi, I've read of people having difficulties with their tomcat servers, where no page shows up the first time they try to load a page, and then when they hit refresh, it loads fine. I understand that this is just a tweaking issue with the config files, and have heard that there are a few standard steps that people can take to get around this. Anybody care to share? I for one have never heard of this issue and have been using Tomcat since 3.2 was first released. -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Server Tweaking
Version I'm running right now is 4.1.29. Issue first presented itself after I set up NT Authentication using BASIC JDNIRealm. Essentially, I get the popup to authenticate, then, the next page has this in its body: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=Content-Type content=text/html; charset=windows-1252/HEAD BODYPRE/PRE/BODY/HTML If I hit refresh, the next page I get is the acutal JSP I was hoping to serve up. Thanks BTW, I can't seem to find a solution to this anywhere! If you've got a thread you can pull on this, that would really help me a lot. Justin -Original Message- From: David Rees [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2003 2:18 PM To: Tomcat Users List Subject: RE: Server Tweaking On Fri, November 7, 2003 1at 0:40 am, Hart, Justin wrote: K, I have this issue, and I've heard of it. Anybody got a fix? Well, what version(s) of Tomcat are affected and do you have any references to the issue? Sounds like a serious bug in Tomcat to me. -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JNDIRealm...more
getRemoteUser() will give you the username of the user logged in. This is going to be
the name that they typed in when they got authenticated, not their DN.
Justin
-Original Message-
From: Dean Searle [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 06, 2003 6:58 AM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
getRemoteUser(), if your familiar with jsp's then you'll know how to use
it. Unfortunately I don't, but I guess that is why we have web
application developers on staff. :-)
Dean Searle
Computing Oasis
989.245.7369 (p)
989.921.3904 (f)
-Original Message-
From: Robyne Vaughn [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 5:00 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Thanks for the pointer, I'll see about pointing to one of our 2 mail
servers. I wonder if they talk back and forth.
Also,
Do you know how I can extract the sign-ed on user's user-id once they've
authenticated?
robyne
-Original Message-
From: Dean Searle [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 2:06 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Great to hear that information worked for you. I included the
alternateURL in the event our primary AD went down for one reason or
another and our users could still access the password protected sites.
Without an alternate AD active or specified you will not have access to
your web applications.
-Original Message-
From: Robyne Vaughn [mailto:[EMAIL PROTECTED]
Sent: Wed 11/5/2003 13:46
To: Tomcat Users List
Cc:
Subject:RE: JNDIRealm...more
Dean!
Mine works!
A thousand thanks!
I hope I can return the favor some time.
Your nice explanation helped.
I did not need the alternatURL in mine. I found out that we have 2 mail
servers, well the server.xml only allows for 1 alternate. I decided to
try it without any and it worked.
Much appreciation,
Robyne Vaughn
-Original Message-
From: Dean Searle [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 9:48 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Hello,
I hope that I am not to late to post here. I have just returned to the
land of the living and have started to catch up on my reading. I noticed
that Robyne you were trying to find the collective all for your users.
I have just recently figured this out after working on it for two days.
Here is my working server.xml:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://your.AD.com;
alternateURL=ldap://other.AD.com;
connectionName=cn=USER DISPLAY NAME,ou=FIRST
SUB-GROUP,dc=AD,dc=com
connectionPassword=XX
referrals=follow
userBase=dc=AD,dc=com
userSearch=(amp;(sAMAccountName={0})(objectClass=user))
userSubtree=true
roleBase=dc=AD,dc=com
roleSearch=(uniqueMember={0})
roleName=cn
/
KEY:
cn = common name
ou = organizational unit
dc = domain controller
your.AD.comwww.yahoo.com
other.AD.com mail.yahoo.com
USER DISPLAY NAME This is the full name that shows up in
your AD, ie user might be johnd but full
name is John Doe.
For the connection name and password, it must be user that has
authority to access AD. This part is necessary to connect.
FIRST SUB-GROUP This depends on how your organization is
built in AD. You might have departments like: Accounting, Human
Resources, Information Technologies.
In an AD structure it might look something like this:
COM
|
|_Yahoo
|
|
|_Accounting
| |_John Doe
|
|_Information Technologies
||_Jack Daniels
|
|_Human Resources
|_Mary Jane
sAMAccountName is the account name you most commonly login into
your computers with objectClass=user this should be user, as
defined in AD unless
your sys admin or someone has tampered
the AD.
referrals=follow this is necessary to traverse the full AD
without knowing the user's base location.
I hope that this clears up some issues for you. Please let me know if I
can help you more.
Dean E. Searle
Computing Oasis
989.245.7369 (P)
989.921.3904 (F)
-Original Message-
From: Robyne Vaughn [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 1:25 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Thanks.
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 12:10 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Good luck.
-Original Message-
From: Robyne Vaughn [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 1:07 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Thanks, Justin,
You've given me some good pointers. I guess I'll do some more hammering
and snooping. Our AD is on a server
RE: ISAPI_REDIRECT.DLL Windows Server 2003
That seems to be a common problem, people have had mixed results getting that combo to work. I'm going to take a wild guess and say it's IIS 6.0? Justin -Original Message- From: Chris Freeborn [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 3:46 PM To: '[EMAIL PROTECTED]' Subject: ISAPI_REDIRECT.DLL Windows Server 2003 Is there a new version of ISAPI_REDIRECT.DLL for use with Windows Server 2003? I have set up Tomcat to work with IIS on several different servers in the past (mostly Win2K machines), but I am having a great deal of trouble getting it to work on Windows Server 2003. Keep getting page not found errors. Screenshots of the problem can be found at http://www.teamadapt.com/bcu/tomcatscreenshots.doc. I'd appreciate any help you could offer. Chris Freeborn Adapt, LLC 773-634-2046 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat SSL ... more
Is there a way to use SSL in tomcat without having to type the password to your keystore in plaintext in the server.conf file? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Microsoft Certificate Services
Hey, I'm trying to import certificates from Microsoft Certificate Services into my keystore for use with SSL in tomcat (what a mouthful). Having problems, keytool says that the certs are not in x.509 format, but I selected DER (x.509) from Microsoft Certificate Services. Is there a known problem with doing this? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
NT Groups
Ok, so, I have a user logged in through JNDIRealm, and I would like to identify what NT groups they are members of. Is this conveniently possible, or do I need to write additional code to query them from our ActiveDirectory.? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: NT Groups
So, I can get to my realm from my jsp somehow? That would be super-dee-duper. I'm kinda new to JSP, but old to programming. I know I could definately get a lot done if I could hit that realm from the page. Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 10:45 AM To: Tomcat Users List Subject: Re: NT Groups IIRC, the groups can be queried via roleSearch. I thoink I got this to work one day, but my AD server was too damn slow and had to many groups in it to be of any usefulness. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm -Tim Hart, Justin wrote: Ok, so, I have a user logged in through JNDIRealm, and I would like to identify what NT groups they are members of. Is this conveniently possible, or do I need to write additional code to query them from our ActiveDirectory.? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JNDIRealm...more
Ok, cool, so, how I have a question about the parts:
roleBase=OU=Users,OU=[my OU],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)
This is going to specify what roles apply to the user under the role-name portion
of the web.xml, correct? As well as for use with isUserInRole(), right?
If I want the roles that apply to my user to be their NT Groups, would I make it
something akin to:
roleBase=CN=Users,DC=[Domain],DC=com
roleName=memberOf
Will it take all of their roles, even with roleSearch specified?
Am I on the Right Track(tm) with all of this?
Justin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
Here's what I have..this works for mehope this helps
Realm className=org.apache.catalina.realm.JNDIRealm
debug=99
connectionURL=ldap://[domain controller]:389
userBase=OU=Users,OU=[My OU],DC=[Domain],DC=com
userSearch=(sAMAccountName={0})
userRoleName=member
roleBase=OU=Users,OU=[my OU],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)
connectionName=CN=Administrator,CN=Users,DC=[Domain],DC=com
connectionPassword=[password]
roleSubtree=true
userSubtree=true/To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: JNDIRealm...more
Ok, figured it out. For those who are curious (IE the handful of other people who've
been taking part in JNDIRealm threads on this list:
roleBase=OU=Users,OU=[Your OU from the userBase],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(Whatever group all members allowed to log in should be a part of)
Now, when you refer to their role in the rest of your application, you use the DN of
the NT Group that they are supposed to be a part of. That way, you can use NT
permissions to control your web app.
Justin
-Original Message-
From: Hart, Justin
Sent: Wednesday, November 05, 2003 12:00 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Ok, cool, so, how I have a question about the parts:
roleBase=OU=Users,OU=[my OU],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)
This is going to specify what roles apply to the user under the role-name portion
of the web.xml, correct? As well as for use with isUserInRole(), right?
If I want the roles that apply to my user to be their NT Groups, would I make it
something akin to:
roleBase=CN=Users,DC=[Domain],DC=com
roleName=memberOf
Will it take all of their roles, even with roleSearch specified?
Am I on the Right Track(tm) with all of this?
Justin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
Here's what I have..this works for mehope this helps
Realm className=org.apache.catalina.realm.JNDIRealm
debug=99
connectionURL=ldap://[domain controller]:389
userBase=OU=Users,OU=[My OU],DC=[Domain],DC=com
userSearch=(sAMAccountName={0})
userRoleName=member
roleBase=OU=Users,OU=[my OU],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)
connectionName=CN=Administrator,CN=Users,DC=[Domain],DC=com
connectionPassword=[password]
roleSubtree=true
userSubtree=true/To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
server.xml JNDIRealm
Ok, more nifty questions from myself.
The format that the rest of the company uses for NT Authentication is
[domain].com\[username] in the username field, and then [pass] in the password field.
The NT Admins would really like if my application would do the same (so as not to
throw off users).
Is it possible to split characters off of the username field before providing them to
the userSearch query... ie
userSearch=(sAMAccountName={0}) with the [domain].com\ part gone?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: JNDIRealm...more
I just got it working...
A million thank yous! I didn't really understand LDAP until learning (some) about it
yesterday, and once I started learning it, your example made perfect sense, and now I
can authenticate my users!
This rules very much!
Justin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
Here's what I have..this works for mehope this helps
Realm className=org.apache.catalina.realm.JNDIRealm
debug=99
connectionURL=ldap://[domain controller]:389
userBase=OU=Users,OU=[My OU],DC=[Domain],DC=com
userSearch=(sAMAccountName={0})
userRoleName=member
roleBase=OU=Users,OU=[my OU],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)
connectionName=CN=Administrator,CN=Users,DC=[Domain],DC=com
connectionPassword=[password]
roleSubtree=true
userSubtree=true/
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 12:57 PM
To: Tomcat Users List
Subject: JNDIRealm...more
My server.xml now looks like this :
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=A good active directory server
userBase=dc=MY DOMAIN NAME,dc=com
userRoleName=member
roleName=cn
roleSearch=(userPrincipalName={0})
roleSubtree=false
userSubtree=false
referrals=follow
/
Reading through the log shows no errors, just that the realm is openning and
closing connections with my LDAP server, after 3 tries, it tells me that I
need to use http authentication.
What's going wrong here?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: JNDIRealm...more
I used * as my role-name. Justin -Original Message- From: Robyne Vaughn [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 12:38 PM To: Tomcat Users List Subject: RE: JNDIRealm...more Justin, I REALLY appreciate your help. I've been stuck for a while. I believe that Users is a CN . (scanning thru the script, I don't see Users ever set as an OU, but I do see it as a CN.) How are you browsing around in AD's LDAP? I have a jndi jsp that I've tried finding things with. One bit of info: The AD I am trying to authenticate to is on a different box than the one I work on. I do know to hit AD with a connection name and password, then I've tried to use the sAMAccountname but have been unsuccessful. I can't quite get my path worked out. I will look thru the DN, to see if I can find where all the users are a member. In my web.xml, I have tried form based and basic authentication. Which are you using and don't you have to specify this stuff?: security-constraint web-resource-collection web-resource-name/web-resource-name url-pattern/url-pattern /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint login-config auth-method/auth-method !-- realm-name/realm-name -- /login-config security-role role-name/role-name /security-role Would the role-name be the entry in the tomcat users or would it be an entry in the AD? This is a new web-app I'm trying to get up and it will be the first one in our group to authenticate against the AD. Our previous authentication is being eliminated. -Original Message- From: Hart, Justin [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 11:14 AM To: Tomcat Users List Subject: RE: JNDIRealm...more 1) In terms of active directory, the roleSearch, in this case, would be a group that the person logging in needs to be a member of. In terms of mine, it would be the ALL mailing list for my company. What you need to do, is browse around in active directory's LDAP (I assume that you're doing this against active directory) and find the entry that describes the NT group that you want all of your members to be a member of. CN=tomcat is just part of the DN that identifies that group for the other guy in this thread. 2) K, you need to get to your base directory that contrains users. That could be multiple OU's deep, in terms of active directory, it probably is, you'll probably have 1 layer for say, job sites, and another for Users (hence Users). You'll see if it you browse down your active directory tree... just enter the DN describing the level containing your users. 3) web.xml contains the stuff specific to logging in, so essentially, whatever you use for authentication now, can still be used, as long as the data jibes with what's in your active directory. Is that User's there a CN or a OU? Justin -Original Message- From: Robyne Vaughn [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 12:08 PM To: Tomcat Users List Subject: RE: JNDIRealm...more Hi, I've been watching your emails andI'm still trying to understand. I have a couple of ldap books and I'm trying to figure some things out. I can authenticate to AD with known OU's and known common names, but I can't use basic or form authentication and get them authenticated with just a user-id and password. What is: roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com) 1.specifically, what is CN=tomcat ?Is that a role which has been set up in AD? What is:userBase=OU=Users,OU=[My OU],DC=[Domain],DC=com 2.specifically, what is OU=[My OU] ? 3. What did you put in your web-app web.xml? My AD administrators have not been able to explain our tree structure to me. Either I'm asking the wrong questions, or they don't understand it either. They have given me a copy of the script they used to load it. I'm trying to look thru the script to discover the tree structure. Also, they printed a screen print from their AD administrative tool. It has this sort of structure: Active Directory Users and Computers lubbock.isd Builtin CO Computers Disabled Accounts Elem ForeignSecurityPrincipals HS JH LostAndFound Microsoft Exchange System Object OG System Users Should that tell me what to plug into the OU? I know if I hit the AD with an Administrative name, password and its OU, then I authenticate. For instance CN=Administratorname,OU=CO,dc=lubbock,dc=isd);. CO stands for central office (in this case.) I know that this administrative name is in the OU=CO. What do I do if my user is not in OU=CO? How do I authenticate when I'm not given the person's specific OU? I don't understand why you're specifying 2 different values for OU? Any help would be appreciated. Thanks, rob -Original Message- From: Hart, Justin [mailto:[EMAIL
RE: JNDIRealm...more
Oh, for the AD LDAP, I've been using the programs that came with Active Directory. There is also an ldp.exe, I dunno where that came from, but that's pretty useful. -Original Message- From: Hart, Justin Sent: Tuesday, November 04, 2003 12:39 PM To: Tomcat Users List Subject: RE: JNDIRealm...more I used * as my role-name. Justin -Original Message- From: Robyne Vaughn [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 12:38 PM To: Tomcat Users List Subject: RE: JNDIRealm...more Justin, I REALLY appreciate your help. I've been stuck for a while. I believe that Users is a CN . (scanning thru the script, I don't see Users ever set as an OU, but I do see it as a CN.) How are you browsing around in AD's LDAP? I have a jndi jsp that I've tried finding things with. One bit of info: The AD I am trying to authenticate to is on a different box than the one I work on. I do know to hit AD with a connection name and password, then I've tried to use the sAMAccountname but have been unsuccessful. I can't quite get my path worked out. I will look thru the DN, to see if I can find where all the users are a member. In my web.xml, I have tried form based and basic authentication. Which are you using and don't you have to specify this stuff?: security-constraint web-resource-collection web-resource-name/web-resource-name url-pattern/url-pattern /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint login-config auth-method/auth-method !-- realm-name/realm-name -- /login-config security-role role-name/role-name /security-role Would the role-name be the entry in the tomcat users or would it be an entry in the AD? This is a new web-app I'm trying to get up and it will be the first one in our group to authenticate against the AD. Our previous authentication is being eliminated. -Original Message- From: Hart, Justin [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 11:14 AM To: Tomcat Users List Subject: RE: JNDIRealm...more 1) In terms of active directory, the roleSearch, in this case, would be a group that the person logging in needs to be a member of. In terms of mine, it would be the ALL mailing list for my company. What you need to do, is browse around in active directory's LDAP (I assume that you're doing this against active directory) and find the entry that describes the NT group that you want all of your members to be a member of. CN=tomcat is just part of the DN that identifies that group for the other guy in this thread. 2) K, you need to get to your base directory that contrains users. That could be multiple OU's deep, in terms of active directory, it probably is, you'll probably have 1 layer for say, job sites, and another for Users (hence Users). You'll see if it you browse down your active directory tree... just enter the DN describing the level containing your users. 3) web.xml contains the stuff specific to logging in, so essentially, whatever you use for authentication now, can still be used, as long as the data jibes with what's in your active directory. Is that User's there a CN or a OU? Justin -Original Message- From: Robyne Vaughn [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 12:08 PM To: Tomcat Users List Subject: RE: JNDIRealm...more Hi, I've been watching your emails andI'm still trying to understand. I have a couple of ldap books and I'm trying to figure some things out. I can authenticate to AD with known OU's and known common names, but I can't use basic or form authentication and get them authenticated with just a user-id and password. What is: roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com) 1.specifically, what is CN=tomcat ?Is that a role which has been set up in AD? What is:userBase=OU=Users,OU=[My OU],DC=[Domain],DC=com 2.specifically, what is OU=[My OU] ? 3. What did you put in your web-app web.xml? My AD administrators have not been able to explain our tree structure to me. Either I'm asking the wrong questions, or they don't understand it either. They have given me a copy of the script they used to load it. I'm trying to look thru the script to discover the tree structure. Also, they printed a screen print from their AD administrative tool. It has this sort of structure: Active Directory Users and Computers lubbock.isd Builtin CO Computers Disabled Accounts Elem ForeignSecurityPrincipals HS JH LostAndFound Microsoft Exchange System Object OG System Users Should that tell me what to plug into the OU? I know if I hit the AD with an Administrative name, password and its OU, then I authenticate. For instance CN=Administratorname,OU=CO,dc=lubbock,dc=isd);. CO stands for central office (in this case.) I know that this administrative
RE: JNDIRealm...more
Good luck. -Original Message- From: Robyne Vaughn [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 1:07 PM To: Tomcat Users List Subject: RE: JNDIRealm...more Thanks, Justin, You've given me some good pointers. I guess I'll do some more hammering and snooping. Our AD is on a server and the administrators gave me an administrator type password to try hitting it with, but they don't want me snooping around too much. I don't actually have direct access to it. Like I said, I have hit it with some JNDI, but that is new to me also, and I still couldn't discover the tree structure adequately. Anyway, I guess I'll try to pull things out of the loading script and my LDAP books. It's so frustrating. I can't find and the administrators don't know where the collective all of our users are located. They found an example script, used it, and don't really know what they have yet. I really appreciate your time. Thanks, Rob Ps I expect I'll have more questions later. Right now, I'm still stuck just figuring out where all users are. -Original Message- From: Hart, Justin [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 11:40 AM To: Tomcat Users List Subject: RE: JNDIRealm...more Oh, for the AD LDAP, I've been using the programs that came with Active Directory. There is also an ldp.exe, I dunno where that came from, but that's pretty useful. -Original Message- From: Hart, Justin Sent: Tuesday, November 04, 2003 12:39 PM To: Tomcat Users List Subject: RE: JNDIRealm...more I used * as my role-name. Justin -Original Message- From: Robyne Vaughn [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 12:38 PM To: Tomcat Users List Subject: RE: JNDIRealm...more Justin, I REALLY appreciate your help. I've been stuck for a while. I believe that Users is a CN . (scanning thru the script, I don't see Users ever set as an OU, but I do see it as a CN.) How are you browsing around in AD's LDAP? I have a jndi jsp that I've tried finding things with. One bit of info: The AD I am trying to authenticate to is on a different box than the one I work on. I do know to hit AD with a connection name and password, then I've tried to use the sAMAccountname but have been unsuccessful. I can't quite get my path worked out. I will look thru the DN, to see if I can find where all the users are a member. In my web.xml, I have tried form based and basic authentication. Which are you using and don't you have to specify this stuff?: security-constraint web-resource-collection web-resource-name/web-resource-name url-pattern/url-pattern /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint login-config auth-method/auth-method !-- realm-name/realm-name -- /login-config security-role role-name/role-name /security-role Would the role-name be the entry in the tomcat users or would it be an entry in the AD? This is a new web-app I'm trying to get up and it will be the first one in our group to authenticate against the AD. Our previous authentication is being eliminated. -Original Message- From: Hart, Justin [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 11:14 AM To: Tomcat Users List Subject: RE: JNDIRealm...more 1) In terms of active directory, the roleSearch, in this case, would be a group that the person logging in needs to be a member of. In terms of mine, it would be the ALL mailing list for my company. What you need to do, is browse around in active directory's LDAP (I assume that you're doing this against active directory) and find the entry that describes the NT group that you want all of your members to be a member of. CN=tomcat is just part of the DN that identifies that group for the other guy in this thread. 2) K, you need to get to your base directory that contrains users. That could be multiple OU's deep, in terms of active directory, it probably is, you'll probably have 1 layer for say, job sites, and another for Users (hence Users). You'll see if it you browse down your active directory tree... just enter the DN describing the level containing your users. 3) web.xml contains the stuff specific to logging in, so essentially, whatever you use for authentication now, can still be used, as long as the data jibes with what's in your active directory. Is that User's there a CN or a OU? Justin -Original Message- From: Robyne Vaughn [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 12:08 PM To: Tomcat Users List Subject: RE: JNDIRealm...more Hi, I've been watching your emails andI'm still trying to understand. I have a couple of ldap books and I'm trying to figure some things out. I can authenticate to AD with known OU's and known common names, but I can't use basic or form authentication and get them authenticated with just a user-id and password. What is: roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC
Formerly: Tomcat clustering and servletContext.
Ahh, you seem to know a bit about this. Given that I've authenticated someone, using JNDIRealm, can I then operate with their permissions on the server? IE, if they authenticate to Tomcat in JNDIRealm, do I get access to files that carry their NT permissions? Justin -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 1:52 PM To: Tomcat Users List Subject: Re: Tomcat clustering and servletContext. Antony, I asked this question yesterday no one replied. Suppose Tomcat is running in a cluster with load balancer. If I put a JavaBean in ServletContext is it possible to access this bean in all machines ?. No, the ServletContext does not get propagated to other machines. Consider using a shared JNDI scope to share this information. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Formerly: Tomcat clustering and servletContext.
Works for me. Thanks. Justin -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 2:23 PM To: Tomcat Users List Subject: Re: Formerly: Tomcat clustering and servletContext. Justin, Given that I've authenticated someone, using JNDIRealm, can I then operate with their permissions on the server? IE, if they authenticate to Tomcat in JNDIRealm, do I get access to files that carry their NT permissions? Uhh, I'm not entirely sure, but I'd eat my proverbial hat if a user logged-in to your web application (using J2EE-style j_security_check, right?) and then could access any of their files on the server. Tomcat should run with a particular user's privs. If you run it as Administrator, then you'll open your whole system up to file theft (is that your concern?). You should run Tomcat as a user with very little access. On UNIX systems, it's common to either use the nobody user or create a user under which Tomcat will run. Tomcat doesn't assume the privs of a user that has successfully logged-in to your application. So, you can't use Tomcat as a file-server unless it actually is running as Administrator or the user whose files you want to read. There may be a way to authenticate directly with NT and then request files through some other mechanism, but you can't just open up a FileInputStream to anything you want :) -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDIRealm Configuration
Does anybody have an example JDNIRealm configuration (server.xml web.xml). I feel like I'm just taking stabs in the dark with these files... Currently I can get it to pop up a window and ask for your username/password. I use my NT username and password and it rejects them. I think that I have the web.xml correct, but the server.xml incorrect. Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDIRealm
Realm className=org.apache.catalina.realm.JNDIRealm
connectionURL=ldap://[Windows 2000 Domain Controller]:389
userBase=CN=Users,dc=[domain name],dc=com
userSearch=(userPrincipalName={0})
userRoleName=member
roleBase=CN=Users,dc=[domain name],dc=com
roleName=cn
roleSearch=(member={0})
connectionName=CN=[jndi account username],CN=Users,DC=[domain name],DC=com
connectionPassword=[jndi account password]
roleSubtree=true
userSubtree=true /
Found the preceding snippet on java-internals.com.
My server.xml, looks like this :
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=my server... it's correct
userBase=CN=Users,dc=correct,dc=com
userSearch=(userPrincipalName={0})
userRoleName=member
roleBase=CN=Users,dc=sfa,dc=com
roleName=cn
roleSearch=(member={0})
roleSubtree=true
userSubtree=true /
It fails to authenticate NT users based on their NT username/password combination.
It's connecting to an ActiveDirectory server... is there anything glaringly obvious
that I am doing incorrectly here?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and PHP
Why not connect Tomcat to Apache, and use mod-php? -Original Message- From: Joao Medeiros [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 12:08 PM To: Tomcat Users List Subject: Tomcat and PHP Hi folks, I was wondering if anyone has any experience with Tomcat serving PHP... I've looked in a lot of places so far but all I can get is pieces of information that I can't put together. Sure someone somewhere must have a 'How-To' that explains how to do this but I just can't find it... TIA, --Jo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDIRealm...more
My server.xml now looks like this :
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=A good active directory server
userBase=dc=MY DOMAIN NAME,dc=com
userRoleName=member
roleName=cn
roleSearch=(userPrincipalName={0})
roleSubtree=false
userSubtree=false
referrals=follow
/
Reading through the log shows no errors, just that the realm is openning and closing
connections with my LDAP server, after 3 tries, it tells me that I need to use http
authentication.
What's going wrong here?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: JNDIRealm...more
Is there a way to do this without the admin password in the file?
What is sAMAccountName?
Also, not terribly versed in LDAP, what is My OU?
Justin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
Here's what I have..this works for mehope this helps
Realm className=org.apache.catalina.realm.JNDIRealm
debug=99
connectionURL=ldap://[domain controller]:389
userBase=OU=Users,OU=[My OU],DC=[Domain],DC=com
userSearch=(sAMAccountName={0})
userRoleName=member
roleBase=OU=Users,OU=[my OU],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)
connectionName=CN=Administrator,CN=Users,DC=[Domain],DC=com
connectionPassword=[password]
roleSubtree=true
userSubtree=true/
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 12:57 PM
To: Tomcat Users List
Subject: JNDIRealm...more
My server.xml now looks like this :
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=A good active directory server
userBase=dc=MY DOMAIN NAME,dc=com
userRoleName=member
roleName=cn
roleSearch=(userPrincipalName={0})
roleSubtree=false
userSubtree=false
referrals=follow
/
Reading through the log shows no errors, just that the realm is openning and
closing connections with my LDAP server, after 3 tries, it tells me that I
need to use http authentication.
What's going wrong here?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: JNDIRealm...more
Ok, what about sAMAccountname? I'm browsing through my LDAP, and don't see any keys
that match that... would that be whatever key matches the username I want typed in?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:26 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
You don't need the admin password, you do need a domain account the has read
permissions.just about any account will do thiscreate a test
account.and use that instead of the admin account..
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:18 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Is there a way to do this without the admin password in the file?
What is sAMAccountName?
Also, not terribly versed in LDAP, what is My OU?
Justin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
Here's what I have..this works for mehope this helps
Realm className=org.apache.catalina.realm.JNDIRealm
debug=99
connectionURL=ldap://[domain controller]:389
userBase=OU=Users,OU=[My OU],DC=[Domain],DC=com
userSearch=(sAMAccountName={0})
userRoleName=member
roleBase=OU=Users,OU=[my OU],DC=[Domain],DC=com
roleName=memberOf
roleSearch=(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)
connectionName=CN=Administrator,CN=Users,DC=[Domain],DC=com
connectionPassword=[password]
roleSubtree=true
userSubtree=true/
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 12:57 PM
To: Tomcat Users List
Subject: JNDIRealm...more
My server.xml now looks like this :
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=A good active directory server
userBase=dc=MY DOMAIN NAME,dc=com
userRoleName=member
roleName=cn
roleSearch=(userPrincipalName={0})
roleSubtree=false
userSubtree=false
referrals=follow
/
Reading through the log shows no errors, just that the realm is openning and
closing connections with my LDAP server, after 3 tries, it tells me that I
need to use http authentication.
What's going wrong here?
Justin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Realms JSPs
Hi, I'm kind of new to JSP programming. I was wondering, is there a way to extract the username used to log in(I am using JNDIRealm for authentication), and use that data within the web application from the perspective of the JSP? Any help would be great! Thanks. Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Realms JSPs
Excellent, thanks :-) -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Friday, October 31, 2003 2:58 PM To: Tomcat Users List Subject: Re: Realms JSPs request.getRemoteUser() -Tim Hart, Justin wrote: Hi, I'm kind of new to JSP programming. I was wondering, is there a way to extract the username used to log in(I am using JNDIRealm for authentication), and use that data within the web application from the perspective of the JSP? Any help would be great! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Realms JSPs
This seems to come up null for me, as does getAuthType(). I am using JNDIRealm... but it seems to be misconfigured, before I was not getting the box to type in my username and password, now I do, but it does not accept my username/password combination. Justin -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Friday, October 31, 2003 2:58 PM To: Tomcat Users List Subject: Re: Realms JSPs request.getRemoteUser() -Tim Hart, Justin wrote: Hi, I'm kind of new to JSP programming. I was wondering, is there a way to extract the username used to log in(I am using JNDIRealm for authentication), and use that data within the web application from the perspective of the JSP? Any help would be great! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
POI
I'm considering using POI (the jakarta package for managing OLE objects in java) in a commercial project. 2 Questions 1) Is it any good? 2) Will the license allow for this? IANAL. Justin W. Hart - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat + IIS 6.0
Hey, What's the story on Tomcat + IIS 6.0 and AJP connectors? Does this scenario work or not? I've seen scattered throughout the net where noone can get this to work. Can somebody just tell me yes or no, this does or does not work? Justin W. Hart - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Java/JSP/Servlet Programmer
That's what I've found. The market is full of tech workers, but that doesn't mean that they're a programmer, or as familiar with technology X (for position Y) as they should be. I went to a job fair a couple years ago for 4 job opennings, 2 for programmers. 2 for techs. 1000 people showed up, and I spoke with only 4-5 that I really thought qualified for the programming jobs or had credentials that showed that they qualified for the job. -Original Message- From: Ruben Gamez [mailto:[EMAIL PROTECTED] Sent: Friday, October 17, 2003 3:57 PM To: Tomcat Users List Subject: RE: Java/JSP/Servlet Programmer I would think so, but it's true. I've gotten several people that interview well, but none that can pass a couple of simple tests (I consider them simple). -Original Message- From: epyonne [mailto:[EMAIL PROTECTED] Sent: Friday, October 17, 2003 3:55 PM To: Tomcat Users List Subject: Re: Java/JSP/Servlet Programmer Cannot find anyone?!?!?! It is rather hard to believe based on current job market. - Original Message - From: Ruben Gamez [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 17, 2003 02:33 PM Subject: Java/JSP/Servlet Programmer I'm looking for an experienced JSP/Servlet programmer located in our area. We're located in West Palm Beach, FL. We've tried posting the Job on Monster, and looking for candidates on there, but still cannot find someone that can do the job. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Java/JSP/Servlet Programmer
There are always the people who ask for 5+ years of experience with .NET or something akin to that. I saw one posting locally that asked for 30+ years of ethernet experience. My guess is that they wanted someone who worked at PARC, and that the guy had already applied for the job. -Original Message- From: John B. Moore [mailto:[EMAIL PROTECTED] Sent: Friday, October 17, 2003 4:10 PM To: Tomcat Users List Subject: Re: Java/JSP/Servlet Programmer Yeah, and those of us that do have the credentials get lost in the forest. (Not to mention the observation that many of these job postings want the person to have x years of experience in 6-7 different areas, mostly unrelated and the total experience years exceeds most normal human's productive lifespans, even accounting for reasonable overlap...G) John.. Hart, Justin wrote: That's what I've found. The market is full of tech workers, but that doesn't mean that they're a programmer, or as familiar with technology X (for position Y) as they should be. I went to a job fair a couple years ago for 4 job opennings, 2 for programmers. 2 for techs. 1000 people showed up, and I spoke with only 4-5 that I really thought qualified for the programming jobs or had credentials that showed that they qualified for the job. -Original Message- From: Ruben Gamez [mailto:[EMAIL PROTECTED] Sent: Friday, October 17, 2003 3:57 PM To: Tomcat Users List Subject: RE: Java/JSP/Servlet Programmer I would think so, but it's true. I've gotten several people that interview well, but none that can pass a couple of simple tests (I consider them simple). -Original Message- From: epyonne [mailto:[EMAIL PROTECTED] Sent: Friday, October 17, 2003 3:55 PM To: Tomcat Users List Subject: Re: Java/JSP/Servlet Programmer Cannot find anyone?!?!?! It is rather hard to believe based on current job market. - Original Message - From: Ruben Gamez [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 17, 2003 02:33 PM Subject: Java/JSP/Servlet Programmer I'm looking for an experienced JSP/Servlet programmer located in our area. We're located in West Palm Beach, FL. We've tried posting the Job on Monster, and looking for candidates on there, but still cannot find someone that can do the job. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
