RE: Access to j_security_check directly

2004-10-20 Thread Renato Romano
... or try http://securityfilter.sourceforge.net; in my case it works fine.
You don't need those tricks: you may put a login box on your home page, or any
other page, with no need to request a protected page before logging in ...

___
Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Via Al Molo Giano
16127 - GENOVA (ITALY)

e-mail: [EMAIL PROTECTED]
Phone: +39 10 2712603 Mob. +39 335 5864021
___

-Original Message-
From: Andoni [mailto:[EMAIL PROTECTED]
Sent: Wednesday 20 October 2004 12.29
To: Tomcat Users List
Subject: Re: Access to j_security_check directly


Hi,

This is an age-old problem, if you ever find a complete answer let me know.

As for 95% complete answers here goes:

1. Your biggest problem is bookmarks. You need to always load your login page
inside a frame. A single HTML page with a single frame can work fine; that
way they'll bookmark xxx.com/jsp/index.html instead of
xxx.com/jsp/login.jsp. This will mean that they will still always call the
secure page even if they have bookmarked the login screen.

2. The second problem is the back button. You need to use a JSP for your
login screen and use the session.isNew() method to check if the session is
being started by your login screen. If not then you should redirect to your
single-framed page.

3. You can also re-direct with a custom error page from the error you
receive to the single framed page.

4. Search the history of this list and find more suggestions. This question
has come up several times over the years and usually gets some responses. I
am using j_security_check in all my production apps, and with a combination
of measures in place it works fine. I do suggest that you work out
*Exactly* what is going on before trying to proceed as false assumptions can
have your head spinning :-)


Hope that helps,
Andoni OConchubhair.


- Original Message -
From: Ben [EMAIL PROTECTED]
To: Tomcat [EMAIL PROTECTED]
Sent: Wednesday, October 20, 2004 1:58 AM
Subject: Access to j_security_check directly


 Hi

 How can I deal with users that access j_security_check directly? I
 have used the error-code 400 and redirect the users to the index page
 but the system doesn't recognise them as logged in users.

 Any help? Thanks.

 Cheers,
 Ben

 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



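The web.xml pieces behind points 1 and 3 of Andoni's quoted reply and Ben's error-code 400 mapping, as an added example that is not part of the thread. The /jsp/secure/ prefix, the role name user and login-error.jsp are assumptions; index.html and login.jsp under /jsp/ are the names used in the reply.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- WEB-INF/web.xml (added example). The 2.3 DTD fixes the element order:
     error-page, security-constraint, login-config, security-role. -->
<web-app>

  <!-- Point 3 and Ben's mapping: a POST to j_security_check that arrives
       with no saved request (bookmarked login form, back button) ends in
       error 400. Serve the single-frame page instead of the error.
       The error page is dispatched on the server, so the browser still
       shows the j_security_check URL: the frame inside index.html should
       use a context-absolute src, not a relative one.
       As Ben reports, the user who lands here is not logged in; the frame
       requests the protected page again and the login form comes back,
       this time behind a protected request. -->
  <error-page>
    <error-code>400</error-code>
    <location>/jsp/index.html</location>
  </error-page>

  <!-- Only /jsp/secure/* (assumed prefix) is protected. The frame page
       /jsp/index.html (point 1, the page users bookmark) and the login
       form /jsp/login.jsp stay outside the constraint so that they can
       be served to a user who is not authenticated yet. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/jsp/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Container-managed FORM login: the form in login.jsp posts
       j_username and j_password to j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/jsp/login.jsp</form-login-page>
      <form-error-page>/jsp/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>

</web-app>
```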



JAAS and container managed security

2004-03-04 Thread Renato Romano
I used container managed security (I mean declaring security issues in
web.xml, and using the standard servlet security API isUserInRole,
getUserPrincipal and so on) for several webapps, but I'm now facing the
following need that this approach seems not to satisfy:

I have to authenticate users based on both
1) A usual username, password mechanism;
2) An OTP (One Time Password) mechanism, something like a complex string
parameter on a URL (sent by e-mail), stored in the DB, that uniquely
identifies the identity of the user.

Now, I'm doing some little tries with JAAS to achieve this, but I have
the following doubt:

If I understand well I cannot merge the two approaches, that is use
servlet declarative and programmatic security with JAAS. If I use JAAS
LoginModules, I will not have the isUserInRole and other APIs
working... Is that right ??

Any help is very appreciated

Renato




Session Timeout and Direct Reference to login page

2004-03-02 Thread Renato Romano
I have two problems I'm facing with every web application using
the declarative security model, that is:

1) Detect that the user session has expired, and forward him to an
appropriate login page. Usually we build webapps in which the home page
shows a login form; to handle this, I usually make an index.jsp page
which redirects the user to a protected page; this is handled by the
container which then shows my login page (as specified in web.xml) that
is my HOME page. With this approach however, I can't detect session
expiry, so if the session times out, the user is presented with the
HOME page (the login page) without further notice or advice!! I tried to
solve this with a filter, but it seems the container (Tomcat 4.1.127
inside Jboss) forwards to the login page without calling the filter.

2) If the user waits too long reading the home/login page, the session
times out, Tomcat loses the reference to the previously requested
protected page, and on login shows an Invalid Direct reference to form
login page error. Again a filter seems not to be useful in this case,
since Tomcat commits the error without calling the filter!!

Any help or hint on this topic is very, very appreciated

Renato









Form Authentication/JAAS ??

2003-12-15 Thread Renato Romano
I would like some clarifications about handling authentication in a
webapp:

it seems to me the simplest way to authenticate users is using form-based
auth, in conjunction with declarative security (declaring
resources/roles in web.xml); the main problem with this approach in my
opinion is handling several login pages, for example; moreover, in order
to allow authentication to be performed on the home page, you need to
force the client to make a request to a protected page (correct??!!),
which seems not so clean!!
I read something about JAAS, but didn't understand, for example, once
logged in what should be done with the Subject object obtained after the
login process!!! Are the following requests automatically recognized as
coming from an authenticated user, as with normal form-based auth ?? I'm a
little confused about all this stuff... The main goals I have are:

Allow login from the home page
Allow login from several pages (I can specify only one login page in
web.xml !)
Make all this in a clean way (for example not redirecting the user to a
reserved page for making tomcat present the login page !!)

Thanks everyone
Renato








RE: Tomcat and IIS 6 - Please HELP

2003-09-01 Thread Renato Romano
I don't know if the following can be useful to someone having the same
problem, but I observed the following strange behavior in IIS 6:

1) when addressing with the client a filename with extension, say zzz,
like myfile.zzz, IIS answers with 404 (of course the file is where it is
requested; you can try also allowing directory browsing and then
clicking on the file);
2) even putting the extension zzz in the mime types list doesn't affect
this result;
3) the same for the extension dll

Bye
Renato




-Original Message-
From: John Turner [mailto:[EMAIL PROTECTED] 
Sent: Wednesday 27 August 2003 17.32
To: Tomcat Users List
Subject: Re: Tomcat and IIS 6 - Please HELP



Many people have the same problem (archives!).

As far as I know, there is no redirector built and available for IIS 6. 
  You either have to build it yourself, or wait for someone else to 
build it.  Even if you build it, there's no guarantee the source that 
works with IIS 5 will work unmodified for IIS 6, so you will then need 
to wait for someone savvy enough in IIS 6 internals to make the 
appropriate changes and post the changes to CVS.

Economic incentives might speed this process up...I doubt anything else 
will.

John

Renato Romano wrote:

 I'm trying to configure IIS (6) to forward requests to Tomcat
 (4.1.18): the configuration works fine with IIS 5, but with IIS 6,
 though I don't get error messages, and the ISAPI filter shows the
 green upward arrow, the browser gets a 404 error.

 I'm pretty sure there is no config error, because I copied the
 configuration from a working installation with IIS 5, so I think the
 problem is the IIS version. I could not find any help on the net...
 Has anyone had the same problem ?? Thanks

 Renato
 


Tomcat and IIS 6 - Please HELP

2003-08-27 Thread Renato Romano
I'm trying to configure IIS (6) to forward requests to Tomcat (4.1.18):
the configuration works fine with IIS 5, but with IIS 6, though I don't
get error messages, and the ISAPI filter shows the green upward arrow,
the browser gets a 404 error.

I'm pretty sure there is no config error, because I copied the
configuration from a working installation with IIS 5, so I think the
problem is the IIS version. I could not find any help on the net...
Has anyone had the same problem ??
Thanks

Renato




Tomcat 4.1.18 as NT Service JVM property

2003-07-01 Thread Renato Romano
I have to put a system property on the command line of the Tomcat
starting script, but I would like to start it as a Service (on a Windows
machine); I tried using CATALINA_OPTS defined as a system environment
variable, but it doesn't seem to work. Release 4.1.18 already installs
the service, but I don't know where to set the property (-Dvar=val) for
the JVM.
Any help appreciated
Renato





Tomcat 5 limits the number of jars ???

2003-06-18 Thread Renato Romano
I noticed a problem when deploying my webapp under Tomcat 5, about the
number of jars in the lib dir of my webapp. Unfortunately I can't easily
reproduce the problem, but it seems that if the number of jar files
exceeds 10-15, Tomcat fails to compile JSP pages (!!!) and produces a
message regarding an unknown flag to the javac compiler c:\Program. It
seems to be a bit of the directory where it is installed (c:\Program
Files\Apache Software Foundation\Tomcat5)

Has anyone had the same problem ? Better write to tomcat-dev ??
Thanks

Renato





Tomcat and JNDI - Basic Question

2003-06-10 Thread Renato Romano
In the Tomcat documentation it is said that to configure a new JNDI
resource you should put a Resource entry in the Context portion of my
app, and a following ResourceParams, indicating the java class name of
the factory (the class that must implement ObjectFactory). This seems
quite correct: in order to build an object, I need a Factory!! But I
noticed it works fine even if the ResourceParams is not present ?? The
conclusion is: I'm surely missing something !! How can Tomcat know how
to build my object if I don't give the name of the factory class ???


<Context path="/dg3s" docBase="dg3s" reloadable="true">
  <Resource name="myJndiName" type="com.blabla.MyType"/>
  <!-- The following is not useful ?
  <ResourceParams name="myJndiName">
    <parameter>
      <name>factory</name>
      <value>com.blabla.MyTypeFactory</value>
    </parameter>
  </ResourceParams>
  -->
</Context>

Any Help Appreciated!!
Renato








Doing something on the server when user session expires

2003-01-21 Thread Renato Romano
Is it possible to activate a method call when a user session expires,
independently of the client browsing activity ? I mean, for example: a
user logs in, then stops his activity for 30 minutes. Supposing that the user
session expires after 20 minutes, when he tries to access a page Tomcat
automatically detects that his session expired and shows the user the
login page, but that happens only when he requests a (protected) page,
that is at time 30; I want to do something exactly when the user session
expires, that is at time 20. Is it possible ?? Thanks a lot

Renato






RE: URGENT : Multiple host in Tomcat

2002-12-10 Thread Renato Romano
If I understand well, you have to define a DNS entry for each host, all
defined as the same IP address. When your browser uses http://host1 it
will be resolved as the unique IP you have on your server, but in the
HTTP request the hostname will be written. This way Tomcat will direct
the request to the host1 virtual host as defined in server.xml, and
therefore to the right appBase.





-Original Message-
From: Andoni [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday 10 December 2002 14.16
To: Tomcat Users List
Subject: Re: URGENT : Multiple host in Tomcat


You want to use the same DNS name and just change the  port number to
bring up different web-sites?

http://www.mysite.com:1234  ==  context 1

http://www.mysite.com:4321 == context 2

etc.??

I think you cannot do that using only tomcat.  You can do nearly
anything with Apache though so you may have to go that way and just
rewrite the URL into the tomcat one calling the context path.

Andoni.


- Original Message -
From: Laxmikanth M.S. [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, December 10, 2002 1:05 PM
Subject: RE: URGENT : Multiple host in Tomcat


 ya all that u have mentioned is there
 so it means we should have DNS entry for all the virtualhost or can it
 be done with different port numbers as done in Apache

 Regards
 Laxmikanth M S


  -Original Message-
  From: Andoni [SMTP:[EMAIL PROTECTED]]
  Sent: Tuesday, December 10, 2002 6:34 PM
  To: Tomcat Users List
  Subject: Re: URGENT : Multiple host in Tomcat
 
  Have you created a DNS entry pointing at your IP address for each 
  name?
 
  Does your Server.xml file have a <Host></Host> container for each
  virtual host you want to create?
 
  Look into these things and write again if need be.
 
  Andoni.
 
 
  - Original Message -
  From: Laxmikanth M.S. [EMAIL PROTECTED]
  To: Tomcat Users List [EMAIL PROTECTED]
  Sent: Tuesday, December 10, 2002 12:35 PM
  Subject: URGENT : Multiple host in Tomcat
 
 
   Hi all,
   I am creating multiple host (virtual Host) in tomcat 4.1.12 Server.
   Every host contains context as /.
   for eg. host 1 is testhost1
   and host2 is testhost2
   how to access the site.
   please let me know soon
   thanks in advance
   laxmiaknth
  
  
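What Renato's reply at the top of this message describes, written out as a server.xml fragment in Tomcat 4.1 syntax; this is an added example, not configuration from the thread. The host names testhost1 and testhost2 are the ones in the original question; the appBase directories, the address 192.0.2.10, port 8080 and the choice of default host are assumptions.

```xml
<!-- conf/server.xml fragment (added example; Tomcat 4.1 element names).

     Name resolution is done outside Tomcat (DNS or a hosts file). Both
     names point at the one address the server has; 192.0.2.10 is a
     placeholder:

         192.0.2.10   testhost1
         192.0.2.10   testhost2

     The browser connects to the same IP and port for both sites. What
     differs is the Host header it writes into the request, for example:

         GET / HTTP/1.1
         Host: testhost2:8080
-->
<Engine name="Standalone" defaultHost="testhost1" debug="0">

  <!-- Selected when the Host header names testhost1. It is also the
       defaultHost, so a request whose Host header matches no Host element
       (a bare IP address, an unknown or forged name) is served from here.
       Pick as default a site you are willing to expose that way. -->
  <Host name="testhost1" appBase="webapps-testhost1" debug="0"
        unpackWARs="true">
    <!-- path="" is the "/" context the question mentions. It belongs to
         this host only; docBase is resolved under this host's appBase. -->
    <Context path="" docBase="ROOT" debug="0"/>
  </Host>

  <!-- Selected when the Host header names testhost2. A separate appBase
       means each site deploys only the applications in its own
       directory. -->
  <Host name="testhost2" appBase="webapps-testhost2" debug="0"
        unpackWARs="true">
    <Context path="" docBase="ROOT" debug="0"/>
  </Host>

</Engine>
```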




Tomcat 4 and IIS please HELP

2002-12-06 Thread Renato Romano
Hi,
I'm trying to set up Tomcat 4 with IIS. I already did this with Tomcat
3, and following the doc how-to for Tomcat 4 had the following problems:

Tomcat 4.0.1: integration for IIS works fine for unprotected resources,
but the browser hangs if I ask for a protected resource; speaking
directly with Tomcat (i.e. using 8080 port) works fine!! Catalina logs a
NullPointerException for each request I make:

2002-12-06 10:09:31 Ajp13Request[5]  Requested cookie session id is C554055605855495697077791461B370
2002-12-06 10:09:31 Ajp13Request[5]  Adding cookie JSESSIONID=C554055605855495697077791461B370
2002-12-06 10:09:31 Ajp13Request[5]  Adding cookie JSESSIONID=E5B331E6D4C4F1C144C1E845170683A5
2002-12-06 10:09:31 Ajp13Processor[8009][4] invoking...
2002-12-06 10:09:31 Ajp13Processor[8009][4] process: invoke
java.lang.NullPointerException
    at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:291)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:180)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:348)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
    at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:371)
    at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:424)
    at java.lang.Thread.run(Thread.java:484)

Then I tried downloading the latest Tomcat 4 release, that is 4.1.12: in
this case, server.xml is configured to use a Coyote Connector for ajp
and not Ajp13Connector as in release 4.0.1.
This time, asking for a protected resource results in a 403 error
(Not Authorized) instead of the login page (I use FORM auth). Please
note that using Tomcat directly (that is port 8080) WORKS FINE !!!

Then I switched to Ajp13Connector, whose entry is commented out by default
in the 4.1.12 server.xml config file. Finally this works fine, except
for some errors due to Listener config. Anyway I'm quite sure this is
not the best way !!!

Any help will be very appreciated, also addressing to known issues about
this problem. Please don't address me to the Tomcat-IIS how-to because I
already used them. Thanks a lot.

Renato






Urgent!!Please Help!

2002-07-22 Thread Renato Romano

I find several occurrences of the following stackTrace in my
catalina_log_-MM-DD.txt log file; does someone know what causes it ?
Many Thanks

2002-07-22 12:09:18 HttpProcessor[80][14] process.invoke
java.lang.NullPointerException
    at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:291)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:180)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:368)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
    at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
    at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
    at java.lang.Thread.run(Thread.java:484)







RE: Urgent!!Please Help!

2002-07-22 Thread Renato Romano

There is no 'root cause'. I saw this in many other places, but not
here...


-Original Message-
From: Cox, Charlie [mailto:[EMAIL PROTECTED]] 
Sent: Monday 22 July 2002 13.30
To: 'Tomcat Users List'
Subject: RE: Urgent!!Please Help!


further down in the stack trace should be a 'root cause'. please post it
as this is the real error...

 -Original Message-
 From: Renato Romano [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 22, 2002 6:38 AM
 To: 'Tomcat Users List'
 Subject: Urgent!!Please Help!
 
 
 I find several occurrences of the following stackTrace in my
 catalina_log_-MM-DD.txt log file; does someone know what causes it ?
 Many Thanks
 




RE: Urgent!!Please Help!

2002-07-22 Thread Renato Romano

Here they are. I tried to find some misspelling, but I did not find them !!
Thanks a lot.
Renato




-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]] 
Sent: Monday 22 July 2002 14.41
To: Tomcat Users List
Subject: RE: Urgent!!Please Help!


Howdy,
An NPE doesn't necessarily have a root cause.  

I would guess that you have a misconfigured error handling tag in your
server.xml or web.xml.  Can you post them please?

Yoav Shapira
Millennium ChemInformatics


-Original Message-
From: Renato Romano [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 6:38 AM
To: 'Tomcat Users List'
Subject: Urgent!!Please Help!

I find several occurrences of the following stackTrace in my
catalina_log_-MM-DD.txt log file; does someone know what causes it ?
Many Thanks

2002-07-22 12:09:18 HttpProcessor[80][14] process.invoke 
java.lang.NullPointerException
at 
org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherV
a
lve.java:291)
at 
org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherV
a
lve.java:180)
at 
org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.j
a
va:564)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.jav
a
:170)
at 
org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.j
a
va:564)
at 
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:46
2
)
at 
org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.j
a
va:564)
at 
org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java
:
368)
at 
org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.j
a
va:564)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
4
72)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve
.
java:163)
at 
org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.j
a
va:566)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
4
72)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at 
org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.
j
ava:1011)
at 
org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java
:
1106)
at java.lang.Thread.run(Thread.java:484)



Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA - ITALY

e-mail: [EMAIL PROTECTED]
Tel.:   +39 10 2712603
_





<!-- Example Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
     parent-child relationships with each other -->

<!-- A Server is a singleton element that represents the entire JVM,
     which may contain one or more Service instances.  The Server
     listens for a shutdown command on the indicated port.

     Note:  A Server is not itself a Container, so you may not
     define subcomponents such as Valves or Loggers at this level.
 -->

<Server port="8005" shutdown="SHUTDOWN" debug="0">


  <!-- A Service is a collection of one or more Connectors that share
       a single Container (and therefore the web applications visible
       within that Container).  Normally, that Container is an Engine,
       but this is not required.

       Note:  A Service is not itself a Container, so you may not
       define subcomponents such as Valves or Loggers at this level.
   -->

  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Tomcat-Standalone">

    <!-- A Connector represents an endpoint by which requests are received
         and responses are returned.  Each Connector passes requests on to the
         associated Container (normally an Engine) for processing.

         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
         following the instructions below and uncommenting the second Connector
         entry.  SSL support requires the following steps (see the SSL Config
         HOWTO in the Tomcat 4.0 documentation bundle for more detailed
         instructions):
         * Download and install JSSE 1.0.2 or later, and put the JAR files
           into $JAVA_HOME/jre/lib/ext.
         * Execute:
             %JAVA_HOME%\bin\keytool

RE: Urgent!!Please Help!

2002-07-22 Thread Renato Romano

Ok. I made some tries and found the following:

1) my error-page clause in web.xml works fine for 404 error-code (Page
not found), but not for the 403 (Access denied). When, after successful
authentication, I try to access a denied page, on the browser I get a
500 (Internal Server error) and in the catalina_log the NPE with the
stackTrace I initially posted. This is independent of the spec version
(2_2 or 2_3) and the use of html or jsp pages.

2) I can't figure out how this can happen. There is no real difference
between the 403 and 404 pages, nor their spec in web.xml !! I noticed
this already some time ago, but couldn't get out of it and left all as
it was; now I realized that when I got the 500 error on the browser, I
also get this error on the log...

3) When not using the error-page clause for the 403 error, I get the
Tomcat 403 error page (the one with blue highlighted words...) as
expected. Same for 404


Any help is very appreciated ...
Renato


Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_


-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]] 
Sent: lunedì 22 luglio 2002 15.09
To: Tomcat Users List
Subject: RE: Urgent!!Please Help!


Hi,
1. Why is your web.xml written to the 2.2 spec (and the 2.2 DTD)?
Tomcat 4.x expects the 2.3 DTD.  

2. Please try to write very simple static err403.html and err404.html
error pages, and direct the server to use those instead of the JSPs you
currently have configured to the error pages.  

My guess is the NPE comes from either the err403.jsp/err404.jsp pages or
tomcat doing something for 2.3-spec error-page elements that isn't
done for 2.2-spec ones.

Let us know what happens ;)

Yoav Shapira
Millennium ChemInformatics


-Original Message-
From: Renato Romano [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 9:05 AM
To: 'Tomcat Users List'
Subject: RE: Urgent!!Please Help!

Here they are. I tried to find some misspelling, but I did not find them!!
Thanks a lot.
Renato


Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_


-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]]
Sent: lunedì 22 luglio 2002 14.41
To: Tomcat Users List
Subject: RE: Urgent!!Please Help!


Howdy,
An NPE doesn't necessarily have a root cause.

I would guess that you have a misconfigured error handling tag in your 
server.xml or web.xml.  Can you post them please?

Yoav Shapira
Millennium ChemInformatics


-Original Message-
From: Renato Romano [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 6:38 AM
To: 'Tomcat Users List'
Subject: Urgent!!Please Help!

I find several occurrences of the following stackTrace in my
catalina_log_-MM-DD.txt log file; does someone know what causes it?
Many Thanks

2002-07-22 12:09:18 HttpProcessor[80][14] process.invoke
java.lang.NullPointerException
    at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:291)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:180)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:368)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
    at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
    at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
    at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
    at java.lang.Thread.run(Thread.java:484)



Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA - ITALY

e-mail: [EMAIL PROTECTED]
Tel.:   +39 10 2712603

RE: Urgent!!Please Help!

2002-07-22 Thread Renato Romano

No !!


Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_


-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]] 
Sent: lunedì 22 luglio 2002 16.47
To: Tomcat Users List
Subject: RE: Urgent!!Please Help!


Hi,

3) When not using the error-page clause for the 403 error, I get the
Tomcat 403 error page (the one with blue highlighted words...) as
expected. Same for 404

And do you get the NPE in the catalina log?

Yoav Shapira
Millennium ChemInformatics





RE: problem..plz help me out

2002-06-10 Thread Renato Romano

I can't find the run-as element which you mention in your web.xml file
... If you want to restrict access to a resource just use the security
constraint element... Look in the servlet doc...


Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_


-Original Message-
From: puneet sachar [mailto:[EMAIL PROTECTED]] 
Sent: sabato 8 giugno 2002 21.22
To: Xinji Gu
Subject: problem..plz help me out


Hi friends, this is my 4th mail regarding my single
complaint..

I have installed the tomcat 4.0.3 and it's doing fine as
far as .html files are concerned but no .class and .jsp
files are running on it

I have asked 9-10 times abt same question again and
again and I got nothing from u guys there

Plz help me. I'm really stuck ..

With this mail I'm sending my server.xml file and
web.xml file which is in my virtualhost/WEB-INF/

I know it is very tough for u to go in these files and
see for errors but plz..i'm in need badly and after
spending so much time here I some time feel like
crying . and I'm in such a place and in such a part of India..where I
can't get any local computer guy with whom I can discuss ..plz do me a
little favour

Here are my problems
1)  no .class and .jsp working only html is working
2)  I have done all changes which were to be made in
server.xml. (I have sent the file also plz check it and
tell me any mistake if u find)
3)  I'm getting 404 error ..no servlet found
4)  And I'm able to access the .class file via
http://localhost:80/examples/servlet/abc.class
 But not by making my own virtual host and not even
the default root directory


what i have is my own context named sachar
and when i go .http://puneet:80/sachar/servlet/HelloworldServlet

error -- 404

See friends ..if u can help me I'll be very grateful
to u

Puneet 






RE: port 80 !!??

2002-04-30 Thread Renato Romano

That's because on Unix-like systems well-known port numbers, like www
(port 80), or ftp, telnet etc, are system-reserved to the root user. No
other user can open server sockets on ports less than 1024. You should
run it as root, or have another user having system administrator
privileges.
Renato


Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_


-Original Message-
From: Tevfik Aytekin [mailto:[EMAIL PROTECTED]] 
Sent: martedì 30 aprile 2002 14.32
To: Tomcat Users List
Subject: port 80 !!??


Hi,
I suppose this question should have been answered, but I could not find
a satisfactory answer in the archives. Isn't it possible to run tomcat
as standalone on port 80 with a user other than root? Apache server
manages to do this. But as far as I can see tomcat can not. I wonder
why? Can someone answer? This ability of tomcat would have been great
since we would need neither apache nor mod_jk, etc. Also since apache
and mod_jk are written in C it troubles many people to get them to run on
different platforms. So I do not understand why tomcat does not have the
ability to run on port 80 with a user other than root.

Thanks in advance.
TA.






RE: SingleSignOn Or Security Constraint ?

2002-04-19 Thread Renato Romano

That's right. But what I actually mean is: what are the differences
between 1) defining two protected areas in ONE web-app, using TWO
security constraints, and 2) defining TWO web-apps, using single-sign-on
(which actually is not defined in web.xml, but in the server config file
server.xml), each with ONE security constraint ?
I think the point is that using single-sign-on implies sharing of the
Realm class used to authenticate the users, and thus, at least in my
environment, using the same database of users and roles, so it seems to
me that there is no great difference...

Renato

Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_


-Original Message-
From: Dan K. [mailto:[EMAIL PROTECTED]] 
Sent: giovedì 18 aprile 2002 18.33
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: SingleSignOn Or Security Constraint ?



Hi,

Correct me if I'm not thinking straight but doesn't the Single Sign-on
and Security Constraint in the web.xml file do different things?  The
single sign-on allows the user to remain logged in while traversing
different webapps and the Security Constraint determines who has access
to the webapp.

Regards,
Dan

On Thu, 18 Apr 2002, Renato Romano wrote:

> I just configured Single Sign on on my Tomcat4 server, and was just
> wondering what's the best way to choose, when I have to add a new
> service to my site, if just adding  a security constraint, in my main
> Context, or configuring and using single signon, for achieving the
> same result!
>
> It seems to me that using singlesignon has the following advantages:
> 1) I create a service as a standalone application, that can then be
> deployed elsewhere;
> 2) I don't have to restart Tomcat in order to deploy/restart the new
> service, or making it temporarily unavailable, thanks to the manager
> application;
> 3) I can continue sharing java classes, by putting them in the
> common dir;
> 4) In my situation, obviously, a centralized database of users and
> roles is ok; different context on tomcat, in my environment, should
> only appear as different services or roles, just similar to
> defining new security constraints.
>
> I have not investigated too much on this topic, so the question is: is
> there something I don't see that can cause problems using single
> signon in this way ? Has someone already had such a doubt and how
> he/she solved it ?
>
> Thanks
> Renato
>
> Renato Romano
> Sistemi e Telematica S.p.A.
> Calata Grazie - Vial Al Molo Giano
> 16127 - GENOVA
>
> e-mail: [EMAIL PROTECTED]
> Tel.:   010 2712603
> _






SingleSignOn Or Security Constraint ?

2002-04-18 Thread Renato Romano

I just configured Single Sign on on my Tomcat4 server, and was just
wondering what's the best way to choose, when I have to add a new service
to my site, if just adding  a security constraint, in my main Context,
or configuring and using single signon, for achieving the same result!

It seems to me that using singlesignon has the following advantages:
1) I create a service as a standalone application, that can then be
deployed elsewhere;
2) I don't have to restart Tomcat in order to deploy/restart the new
service, or making it temporarily unavailable, thanks to the manager
application;
3) I can continue sharing java classes, by putting them in the common
dir;
4) In my situation, obviously, a centralized database of users and roles
is ok; different context on tomcat, in my environment, should only
appear as different services or roles, just similar to defining new
security constraints.

I have not investigated too much on this topic, so the question is: is
there something I don't see that can cause problems using single signon
in this way ? Has someone already had such a doubt and how he/she solved
it ?

Thanks
Renato


Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_






SSL Client Certificates

2002-03-27 Thread Renato Romano

I need to setup client Auth by using SSL and certificates; I correctly
set up Tomcat (4) for ssl, using the standard docs, but what I need to
do now, is:
1) request the client to send a Certificate (clientAuth=true in the
Factory Element)
2) Use the information in the certificate to authenticate the user !! (I
do not want anyone to gain access to the site, even if he has a
certificate !!)
3) Test all these, by creating (maybe?) a self signed certificate on my
PC, and let Tomcat Accept that certificate!
Any Help ??
Thanks A lot ...
Renato

Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_







Tomcat Security

2002-03-25 Thread Renato Romano

I have to integrate two web applications: the first is written using
JSP, but the second is using Microsoft ASP pages. That's ok to have
Tomcat running under IIS, I already used this technique successfully, but
what about using Servlet Security Schema, for ASP pages ?? Briefly I
would have of course IIS run ASP pages, but security checked by Tomcat
!! I suppose this ain't very easy, because I should let Tomcat serve ALL
resources, recognize ASP pages, and send them back to IIS, in some way
...
Any help ?
Thanks...
Renato


Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_








R: Running tomcat port 80

2002-02-18 Thread Renato Romano

You have to run Tomcat as root, because port 80 is reserved on UNIX systems
for use by the superuser;
Probably root can't find the commands because you have to adjust the
environment... just check $PATH, $CATALINA_HOME and $JAVA_HOME of the user
you previously used to run TOMCAT, and set them appropriately for the root
user ...

-Messaggio originale-
Da: Andrew Rodwell [mailto:[EMAIL PROTECTED]]
Inviato: lunedì 18 febbraio 2002 11.14
A: Tomcat Users List
Oggetto: Running tomcat port 80


Hi ,

We are trying to get TOMCAT 4.0 to run on the default web port - and can do
it ok on windows.

However when we try the same changes on SuSE Linux 7.3 it will not run.

Somebody suggested that we start it under root - when we try this the
commands are not found.

You might have guessed we are new to Linux - any ideas?

Regards

Andrew





JSP-FILE

2002-02-18 Thread Renato Romano

Hi,
can anyone tell me why should I define a servlet in my web.xml file which
has a jsp-file tag instead of a servlet-class tag ?
Defining servlet MyServlet to have a jsp-file (say testServletPage.jsp)
means I'll have to make a request like
http://myhost,mydom/myapp/servlet/MyServlet?par1=val1... is that right ??
Thanks to all.

Renato






R: Another Question About Tomcat Auth

2002-02-15 Thread Renato Romano

OK!! I just made a little step: I tried to put the classes in the common dir,
but Tomcat can't start, giving me a ClassNotFoundException on JDBCRealm. In
fact my Realm implementation is an extension of JDBCRealm, and the Common
ClassLoader can't find it, because it is a parent of the Catalina
ClassLoader. One solution I think would be to put also catalina.jar (where
JDBCRealm is) in the common/lib dir, but it doesn't seem to be a great idea
:-(((
Suggestions ?
Thanks again

Renato

-Messaggio originale-
Da: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Inviato: giovedi 14 febbraio 2002 18.24
A: Tomcat Users List; [EMAIL PROTECTED]
Oggetto: Re: Another Question About Tomcat Auth




On Thu, 14 Feb 2002, Renato Romano wrote:

> Date: Thu, 14 Feb 2002 16:50:52 +0100
> From: Renato Romano [EMAIL PROTECTED]
> Reply-To: Tomcat Users List [EMAIL PROTECTED],
>  [EMAIL PROTECTED]
> To: Tomcat Users List [EMAIL PROTECTED]
> Subject: Another Question About Tomcat Auth
>
> I successfully defined my own Realm Implementation, but to have it working I
> had to put the classes into the $CATALINA_HOME/server/classes dir. Since I
> also use those classes in my webapp, I also had to put them in
> webapps/myapp/WEB-INF/classes !! Of course I tried to put the classes in the
> common/classes dir, but it doesn't work. Any idea ?
> Thanks again


If you need classes to be visible to *both* Tomcat and your webapp, put
them in $CATALINA_HOME/common/classes (or in JAR files in
$CATALINA_HOME/common/lib).  For more information on how class loading
works in Tomcat 4, see the appropriate docs:

  http://localhost:8080/tomcat-docs/class-loader-howto.html

or online at:

  http://jakarta.apache.org/tomcat/tomcat-4.0-doc/class-loader-howto.html

> Renato


Craig







Tomcat Auth

2002-02-14 Thread Renato Romano

Is it possible to use different Authentication Realms for different
applications running on Tomcat4.0 ? Or at least use different DataBase,
tables etc... ? And if yes how ?
Thanks everyone.

Renato






Again Tomcat Auth

2002-02-14 Thread Renato Romano

Is it possible to use different Authentication Realms for different
applications running on Tomcat4.0 ? Or at least use different DataBase,
tables etc... ? And if yes how ?
Thanks everyone.

Maybe it is possible in older versions of Tomcat ?

Renato






R: Tomcat Auth

2002-02-14 Thread Renato Romano

Ok I got it, that's also in the doc... Do you know if it is also possible
with Tomcat 3.2.x ?
There the Realm is defined by a RequestInterceptor element ...
Thanks

Renato

-Messaggio originale-
Da: Unsöld, Hans-Michael [mailto:[EMAIL PROTECTED]]
Inviato: giovedì 14 febbraio 2002 16.04
A: 'Tomcat Users List'
Oggetto: AW: Tomcat Auth


Hi,
I think it's possible: You should place a Context element (in server.xml)
corresponding to the app. Within that element you place a Realm element.
It will override the Realm element below Engine (or Host).

Michael.

-Ursprüngliche Nachricht-
Von: Renato Romano [mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 14. Februar 2002 16:00
An: Tomcat Users List
Betreff: Tomcat Auth


Is it possible to use different Authentication Realms for different
applications running on Tomcat4.0 ? Or at least use different DataBase,
tables etc... ? And if yes how ?
Thanks everyone.

Renato






Another Question About Tomcat Auth

2002-02-14 Thread Renato Romano

I successfully defined my own Realm Implementation, but to have it working I
had to put the classes into the $CATALINA_HOME/server/classes dir. Since I
also use those classes in my webapp, I also had to put them in
webapps/myapp/WEB-INF/classes !! Of course I tried to put the classes in the
common/classes dir, but it doesn't work. Any idea ?
Thanks again

Renato






R: Custom Realm Implementation

2002-02-04 Thread Renato Romano

OK !! In RealmBase the hasRole method looks for a Principal of class
GenericPrincipal; by overriding this method everything works fine !!
Thanks a lot

Renato

-Messaggio originale-
Da: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Inviato: venerdi 1 febbraio 2002 23.31
A: Tomcat Users List; [EMAIL PROTECTED]
Oggetto: Re: Custom Realm Implementation




On Fri, 1 Feb 2002, Renato Romano wrote:

> Date: Fri, 1 Feb 2002 18:02:16 +0100
> From: Renato Romano [EMAIL PROTECTED]
> Reply-To: Tomcat Users List [EMAIL PROTECTED],
>  [EMAIL PROTECTED]
> To: Tomcat Users List [EMAIL PROTECTED]
> Subject: Custom Realm Implementation
>
> I'm trying to write my own Realm but have some problems...
> MyRealm extends JDBCRealm, overrides the authenticate method(Connection,
> String, String)
> and returns a CustomPrincipal which is My own implementation of Principal;
>
> When I try to log in, I get a User userName successfully authenticated
> message on the log, but the browser shows me a 403 error (You are not
> allowed ...)
>


Tomcat calls the hasRole() method of your Realm implementation in order to
check for the roles required to satisfy security constraints.  You'll want
to override this method as well, because the default method (in
AuthenticatorBase) assumes you are using one of the standard Realm
implementations that uses GenericPrincipal objects.

> Any idea ?
> Any document showing the process in details ?
> Thanks

Just the source code, at the moment :-(.


> Renato


Craig


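The failure described in the exchange above (login succeeds, then a 403 because the inherited role check only recognises GenericPrincipal) as a self-contained added example; it is not code from the thread or from Tomcat. Every class is a simplified stand-in (BaseRealmModel, GenericPrincipalModel, the issuingRealm field and the sample user are assumptions), and the overriding hasRole stays fail-closed by accepting only its own principal type issued by the same realm instance.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added illustration. Every class here is a simplified stand-in written for
// this example; none of them is Tomcat's own code.
public class RealmRoleCheckDemo {

    // Stand-in for the container's built-in principal type.
    static class GenericPrincipalModel implements Principal {
        private final String name;
        private final Set<String> roles;
        GenericPrincipalModel(String name, String... roles) {
            this.name = name;
            this.roles = new HashSet<>(Arrays.asList(roles));
        }
        @Override public String getName() { return name; }
        boolean hasRole(String role) { return roles.contains(role); }
    }

    // Application principal as in the post; its fields are assumptions.
    static class CustomPrincipal implements Principal {
        private final String name;
        private final Object issuingRealm;
        private final Set<String> roles;
        CustomPrincipal(String name, Object issuingRealm, String... roles) {
            this.name = name;
            this.issuingRealm = issuingRealm;
            this.roles = new HashSet<>(Arrays.asList(roles));
        }
        @Override public String getName() { return name; }
        Object getIssuingRealm() { return issuingRealm; }
        boolean hasRole(String role) { return roles.contains(role); }
    }

    // Stand-in for the base realm: its role check only trusts its own type.
    static class BaseRealmModel {
        // Constructed sample credential for the constructed user "renato".
        private static final byte[] SAMPLE_PASSWORD =
                "constructed-sample".getBytes(StandardCharsets.UTF_8);

        boolean credentialsMatch(String user, String password) {
            return "renato".equals(user) && password != null
                    && MessageDigest.isEqual(SAMPLE_PASSWORD,
                            password.getBytes(StandardCharsets.UTF_8));
        }

        Principal authenticate(String user, String password) {
            return credentialsMatch(user, password)
                    ? new GenericPrincipalModel(user, "manager") : null;
        }

        boolean hasRole(Principal principal, String role) {
            if (role == null || !(principal instanceof GenericPrincipalModel)) {
                return false; // unknown (or null) principals are denied
            }
            return ((GenericPrincipalModel) principal).hasRole(role);
        }
    }

    // Overrides authenticate only: login succeeds, every role check fails.
    static class RealmWithoutRoleOverride extends BaseRealmModel {
        @Override Principal authenticate(String user, String password) {
            return credentialsMatch(user, password)
                    ? new CustomPrincipal(user, this, "manager") : null;
        }
    }

    // Also overrides hasRole, still failing closed for anything unexpected.
    static class RealmWithRoleOverride extends RealmWithoutRoleOverride {
        @Override boolean hasRole(Principal principal, String role) {
            if (principal instanceof CustomPrincipal) {
                CustomPrincipal cp = (CustomPrincipal) principal;
                // Accept only principals that this realm instance issued.
                return role != null && cp.getIssuingRealm() == this
                        && cp.hasRole(role);
            }
            return super.hasRole(principal, role);
        }
    }

    // Models the container's decision for a resource needing requiredRole.
    static int statusFor(BaseRealmModel realm, String user, String password,
                         String requiredRole) {
        Principal p = realm.authenticate(user, password);
        if (p == null) {
            return 401;
        }
        return realm.hasRole(p, requiredRole) ? 200 : 403;
    }

    public static void main(String[] args) {
        String pw = "constructed-sample";
        RealmWithRoleOverride fixed = new RealmWithRoleOverride();
        System.out.println("authenticate overridden only: "
                + statusFor(new RealmWithoutRoleOverride(), "renato", pw, "manager"));
        System.out.println("hasRole overridden as well:   "
                + statusFor(fixed, "renato", pw, "manager"));
        System.out.println("role the user does not hold:  "
                + statusFor(fixed, "renato", pw, "admin"));
        System.out.println("wrong password:               "
                + statusFor(fixed, "renato", "guess", "manager"));
        Principal foreign = new RealmWithRoleOverride().authenticate("renato", pw);
        System.out.println("principal from another realm accepted: "
                + fixed.hasRole(foreign, "manager"));
    }
}
```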




Custom Realm Implementation

2002-02-01 Thread Renato Romano

I'm trying to write my own Realm but have some problems...
MyRealm extends JDBCRealm, overrides the authenticate method(Connection,
String, String)
and returns a CustomPrincipal which is My own implementation of Principal;

When I try to log in, I get a User userName successfully authenticated
message on the log, but the browser shows me a 403 error (You are not
allowed ...)

Any idea ?
Any document showing the process in details ?
Thanks

Renato






R: Catalina Authentication PLS Help !!

2001-11-22 Thread Renato Romano

I found something, but the proposed solution is Instruct users not to
access the login page !!!
Of course that's not good for me... consider, for example, that my login
page could be my HOME page !!
I know there is no portable solution, but one for Tomcat (4) would be ok, if
any...
Thanks
Renato

-Messaggio originale-
Da: Barry White [mailto:[EMAIL PROTECTED]]
Inviato: mercoledì 21 novembre 2001 19.26
A: Tomcat Users List; [EMAIL PROTECTED]
Oggetto: Re: Catalina Authentication PLS Help !!


I remember some discussion about this subject.  Have you searched the
archives?

- Original Message -
From: Renato Romano [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Wednesday, November 21, 2001 12:11 PM
Subject: Catalina Authentication PLS Help !!


> Hi,
> I successfully configured my webapp for login authentication, but I get
> a Page not Found Error, when a user accesses DIRECTLY the login page,
> (and not a protected area!!) and correctly gives his username and
> password. Probably Tomcat simply doesn't know WHERE to forward the
> user, because he didn't request a protected page!!
> When using Tomcat 3.2 I solved this by looking at the
> tomcat.auth.originalLocation parameter in the session object, and
> then defining a default value for this attribute when it was not
> set.
> How to do this with Tomcat 4 ??
> Thanks.
> Renato






How To Send Users To A Default Page After Form based Login ?

2001-11-21 Thread Renato Romano

Hi all,
I successfully configured my webapp for login authentication, but I get
a Page not Found Error, when a user accesses DIRECTLY the login page,
(and not a protected area!!) and correctly gives his username and
password. Probably Tomcat simply doesn't know WHERE to forward the
user, because he didn't request a protected page!!
When using Tomcat 3.2 I solved this by looking at the
tomcat.auth.originalLocation parameter in the session object, and
then defining a default value for this attribute when it was not
set.
How to do this with Tomcat 4 ?? 
Thanks.
Renato






URGENT !!! Please HELP !!!

2001-11-21 Thread Renato Romano

Hi,
I successfully configured my webapp for login authentication, but I get
a Page not Found Error, when a user accesses DIRECTLY the login page,
(and not a protected area!!) and correctly gives his username and
password. Probably Tomcat simply doesn't know WHERE to forward the
user, because he didn't request a protected page!!
When using Tomcat 3.2 I solved this by looking at the
tomcat.auth.originalLocation parameter in the session object, and
then defining a default value for this attribute when it was not
set.
How to do this with Tomcat 4 ?? 
Thanks.
Renato






R: form authentication with IIS - j_security_check - error 405 - tomcat 3.2.3

2001-11-21 Thread Renato Romano

I had the same problem with version 3.2.1, but i suppose the workaround is
the same.
Supposed you did all that's said in the tomcat-iis-howto (see docs), you
have to adjust the conf/uriworkermap.properties file, that's where
isapi_redirect.dll gets informations from ...
Following is mine ...
Renato

#
# Simple worker configuration file
#
#/*=ajp12
/j_security_check=ajp12
/servlet/*=ajp12
/*.jsp=ajp12
/whatever_reserved_area/*=ajp12

-Messaggio originale-
Da: Samuel Rochas [mailto:[EMAIL PROTECTED]]
Inviato: mercoledi 21 novembre 2001 16.31
A: Tomcat Users List
Oggetto: form authentication with IIS - j_security_check - error 405 -
tomcat 3.2.3


Hello,

I have troubles using the form authentication for an application running
on the IIS (4.0) with tomcat 3.2.3.

The security example is running fine, that is because it is running
directly with tomcat and not through IIS first. The authentication
mechanism for my application running with the IIS brings an error 405
with the URL:
http://localhost/j_security_check

It seems the IIS does not recognize that it should pass the request to
the isapi_redirect.dll and tries to handle it itself, which brings the
error.

A workaround would be to set as URL for the login page something like:
<form-login-page>http://localhost:8080/login.jsp</form-login-page>
This would enforce the direct use of tomcat. I think it is quite tricky
and would prefer something cleaner here. Any hint?

Sincerely
Samuel Rochas
--
SWIPe Software Engineering  Project Management GmbH

Solutions with Individual Profile

Web: http://www.swipe.de





Caching Login Info in Tomcat 3.2.x

2001-10-02 Thread Renato Romano

Hi,
I would like Tomcat to avoid accessing the DB for EVERY ACCESS to a reserved
page. I think the best way to do this (apart from upgrading to Tomcat 4.0
!!) is to store the login info, or maybe just an "I'm authenticated" flag, in
the session object. Has anyone already made something similar? Should I
only redefine methods in my Realm object? Is there some security issue I'm
not taking care of??
Thanks

Renato




R: Caching Login Info in Tomcat 3.2.x

2001-10-02 Thread Renato Romano

And what about just storing an "I'm authenticated" flag in the session,
associated with the username (which is already there...)? This way I have
no problems about password changes... Therefore, I think the password is
already stored in clear in the session object as the attribute j_password,
isn't it?

-Original Message-
From: Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 2 October 2001 14.34
To: [EMAIL PROTECTED]
Subject: RE: Caching Login Info in Tomcat 3.2.x




 -Original Message-
 From: André de Jesus [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, October 02, 2001 9:03 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Caching Login Info in Tomcat 3.2.x



 If you are using container-managed authentication (the system that comes
 with Tomcat, that is configured for each Realm in the file server.xml),
 then the user roles and passwords are already automatically cached for
 each session (the isUserInRole() function and other similar functions do
 not trigger database accesses every time).

Actually that is not correct.  The JdbcRealm class that is provided
with Tomcat does do a database connection for each request.  It never stores
authentication information.

The provided class could be modified to provide the caching
requested, but you would have to recode the Realm (which isn't a big deal).
There is only a security risk if you store passwords unencrypted in memory
and someone has enough access to your system to perform a memory dump (and
then the intelligence to look at the dump and find the Map, List, or array
of authentication credentials).  The biggest problem to watch out for is
removing cached information - if a user changes their password and then
exits the application (either explicitly or implicitly) then you need to
make sure that their cached information is removed before they come back and
try to use their new password.


 If, on the other hand, you are authenticating the users with your own
 authentication system, then you could cache the authentication
 information in a session object (this is exactly what Tomcat does by
 default). Then, all private pages would check if the session object
 exists and if the user has been authenticated before displaying the
 private information.

 The only publicly visible key to this object is the session id, so all
 security problems could come from this session key being known to
 intermediate parties. Depending on the security level required by your
 application, you could consider setting lower expiration times for the
 session (or even explicitly expiring the session once some user
 operations have been successfully completed, with
 setMaxInactiveInterval()), or protecting the http communication with SSL.


 Andre de Jesus




 Renato Romano wrote:

 Hi,
 I would like Tomcat to avoid accessing the DB for EVERY ACCESS to a
 reserved page. I think the best way to do this (apart from upgrading to
 Tomcat 4.0 !!) is to store the login info, or maybe just an "I'm
 authenticated" flag, in the session object. Has anyone already made
 something similar? Should I only redefine methods in my Realm object?
 Is there some security issue I'm not taking care of??
 Thanks

 Renato
 

 --
 André de Jesus [EMAIL PROTECTED]
 TEKTIX - Consultoria em Sistemas de Informação, L.da
 http://www.tektix.com
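
The caching approach discussed in this thread, as an added example that is not part of any of the posts and is not Tomcat's code: a per-user cache that keeps a salted digest instead of the plaintext password, expires entries, and is evicted on password change. The class name, the `backend` callback standing in for the realm's database check, the TTL and the sample account are assumptions; it needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

public class CachingAuthenticator {
    private record Entry(byte[] salt, byte[] digest, long expiresAt) {}
    private final Map<String, Entry> cache = new ConcurrentHashMap<>();
    private final BiPredicate<String, String> backend; // hypothetical stand-in for the realm's DB check
    private final long ttlMillis;
    private final SecureRandom rng = new SecureRandom();

    CachingAuthenticator(BiPredicate<String, String> backend, long ttlMillis) {
        this.backend = backend;
        this.ttlMillis = ttlMillis;
    }

    boolean authenticate(String user, String password) throws Exception {
        Entry e = cache.get(user);
        if (e != null && System.currentTimeMillis() < e.expiresAt()
                && MessageDigest.isEqual(e.digest(), hash(e.salt(), password))) {
            return true; // cache hit: no database access
        }
        if (!backend.test(user, password)) { // miss, expiry or mismatch: ask the database
            cache.remove(user);              // never keep an entry the database rejects
            return false;
        }
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        cache.put(user, new Entry(salt, hash(salt, password), System.currentTimeMillis() + ttlMillis));
        return true;
    }

    void invalidate(String user) { cache.remove(user); } // call on password change, logout, session expiry

    private static byte[] hash(byte[] salt, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> db = new ConcurrentHashMap<>(Map.of("renato", "old-secret")); // constructed data
        int[] hits = {0};
        var auth = new CachingAuthenticator((u, p) -> { hits[0]++; return p.equals(db.get(u)); }, 60_000);
        auth.authenticate("renato", "old-secret");  // database hit, entry cached
        auth.authenticate("renato", "old-secret");  // served from the cache
        db.put("renato", "new-secret");             // password change ...
        auth.invalidate("renato");                  // ... must evict the cached entry
        System.out.println(auth.authenticate("renato", "old-secret") + ", lookups=" + hits[0]);
    }
}
```

Without the `invalidate` call, the old password would keep authenticating from the cache until the entry expires, which is the stale-entry problem raised in the thread.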