Re: Maintaining Sessions
At 04:22 PM 6/2/2004, you wrote: There is a web.xml file in my catalinahome/conf directory. I have read that according to some specifications somewhere, I should also have a web.xml in every WEB-INF directory for each application. Does the main web.xml file apply to all applications, and the WEB-INF web.xml just add settings to the specific applications, or does it OVERRIDE the main web.xml (so I would need to include ALL the entries found in the main file in ALL of the application level web.xml files)? The app-specific web.xml extends the global one (information defined in the app-specific one overrides the global one, but any information not overridden is inherited). And what would an entry look like to force one specific file to re-direct to the secure port? I can only find very vague examples that secure entire applications. This is a Servlet spec thing -- see SRV.12.8 (Servlet2.3). It's basically something like this in your web.xml (no guarantees for code correctness here, but it should get you started): /secure/* CONFIDENTIAL Thanks for the help thus far, Justin Jaynes No problem. Good luck. justin --- Justin Ruthenbeck <[EMAIL PROTECTED]> wrote: > > Hi, > > Square peg, round hole. > > It seems like the only reason you've split these > into multiple hosts is > to differentiate between secure and non-secure > communication -- that's a > bad idea. From what you've said, the best approach > is to put all of the > JSPs for (A) and (C) in the same webapp, but set > s > for those resources (C) that require https. > > See: > http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html > > What you're describing here is a deployment-time > problem -- it shouldn't > impact your code in a major way like distributed > sessions would cause. > > justin > > > At 02:56 PM 6/2/2004, you wrote: > >Hello, > > > >I am running Tomcat 5.0.25 on SuSE Linux 9.1. I am > >running ONE Tomcat server with two services: > > > >1. Standalone on port 80, with two hosts: > > A. A basic shopping site with a CartBean.java > > that I set scope=session when I call it > from > > JSP's. > > B. Another not related host. > > > >2. Standalone SECURE on port 443, with two hosts: > > C. The secure checkout site for host A > (above) > > B. Another secure, but not related, host. > > > >My cart.jsp on host A uses checkout.jsp on host C > to > >process the request. However, the session with > >CartBean objects does not carry over. How do I > keep > >my session alive from host to host on the same > server? > > And what if I decide to move the host C to > another > >server on another machine? Then what? > > > >Or is this the wrong approach? Is there a way to > have > >SOME secure jsp's on the same host as some > non-secure > >jsp's? > > > >And do I HAVE to have a WEB-INF directory for both > >hosts, or could they somehow share a WEB-INF > directory > >so I only have to maintain ONE set of classes? I > >tried using symbolic-link WEB-INF's to one big > WEB-INF > >directory, but it did NOT work. > > > >Justin Jaynes > > > > > > > > > >__ > >Do you Yahoo!? > >Friends. Fun. Try the all-new Yahoo! Messenger. > >http://messenger.yahoo.com/ > > > >- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > __ > Justin Ruthenbeck > Software Engineer, NextEngine Inc. > justinr - AT - nextengine DOT com > Confidential. See: > http://www.nextengine.com/confidentiality.php > __ > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Maintaining Sessions
That makes sense. I did some reading since you replied and I realize now that I can have more than one connector per engine containing multiple hosts. That also explians the mysterious redirect port parameter that I couln't make heads nor tails of till now. But a few web.xml questions. There is a web.xml file in my catalinahome/conf directory. I have read that according to some specifications somewhere, I should also have a web.xml in every WEB-INF directory for each application. Does the main web.xml file apply to all applications, and the WEB-INF web.xml just add settings to the specific applications, or does it OVERRIDE the main web.xml (so I would need to include ALL the entries found in the main file in ALL of the application level web.xml files)? And what would an entry look like to force one specific file to re-direct to the secure port? I can only find very vague examples that secure entire applications. Thanks for the help thus far, Justin Jaynes --- Justin Ruthenbeck <[EMAIL PROTECTED]> wrote: > > Hi, > > Square peg, round hole. > > It seems like the only reason you've split these > into multiple hosts is > to differentiate between secure and non-secure > communication -- that's a > bad idea. From what you've said, the best approach > is to put all of the > JSPs for (A) and (C) in the same webapp, but set > s > for those resources (C) that require https. > > See: > http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html > > What you're describing here is a deployment-time > problem -- it shouldn't > impact your code in a major way like distributed > sessions would cause. > > justin > > > At 02:56 PM 6/2/2004, you wrote: > >Hello, > > > >I am running Tomcat 5.0.25 on SuSE Linux 9.1. I am > >running ONE Tomcat server with two services: > > > >1. Standalone on port 80, with two hosts: > > A. A basic shopping site with a CartBean.java > > that I set scope=session when I call it > from > > JSP's. > > B. Another not related host. > > > >2. Standalone SECURE on port 443, with two hosts: > > C. The secure checkout site for host A > (above) > > B. Another secure, but not related, host. > > > >My cart.jsp on host A uses checkout.jsp on host C > to > >process the request. However, the session with > >CartBean objects does not carry over. How do I > keep > >my session alive from host to host on the same > server? > > And what if I decide to move the host C to > another > >server on another machine? Then what? > > > >Or is this the wrong approach? Is there a way to > have > >SOME secure jsp's on the same host as some > non-secure > >jsp's? > > > >And do I HAVE to have a WEB-INF directory for both > >hosts, or could they somehow share a WEB-INF > directory > >so I only have to maintain ONE set of classes? I > >tried using symbolic-link WEB-INF's to one big > WEB-INF > >directory, but it did NOT work. > > > >Justin Jaynes > > > > > > > > > >__ > >Do you Yahoo!? > >Friends. Fun. Try the all-new Yahoo! Messenger. > >http://messenger.yahoo.com/ > > > >- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > __ > Justin Ruthenbeck > Software Engineer, NextEngine Inc. > justinr - AT - nextengine DOT com > Confidential. See: > http://www.nextengine.com/confidentiality.php > __ > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Maintaining Sessions
Hi, Square peg, round hole. It seems like the only reason you've split these into multiple hosts is to differentiate between secure and non-secure communication -- that's a bad idea. From what you've said, the best approach is to put all of the JSPs for (A) and (C) in the same webapp, but set s for those resources (C) that require https. See: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html What you're describing here is a deployment-time problem -- it shouldn't impact your code in a major way like distributed sessions would cause. justin At 02:56 PM 6/2/2004, you wrote: Hello, I am running Tomcat 5.0.25 on SuSE Linux 9.1. I am running ONE Tomcat server with two services: 1. Standalone on port 80, with two hosts: A. A basic shopping site with a CartBean.java that I set scope=session when I call it from JSP's. B. Another not related host. 2. Standalone SECURE on port 443, with two hosts: C. The secure checkout site for host A (above) B. Another secure, but not related, host. My cart.jsp on host A uses checkout.jsp on host C to process the request. However, the session with CartBean objects does not carry over. How do I keep my session alive from host to host on the same server? And what if I decide to move the host C to another server on another machine? Then what? Or is this the wrong approach? Is there a way to have SOME secure jsp's on the same host as some non-secure jsp's? And do I HAVE to have a WEB-INF directory for both hosts, or could they somehow share a WEB-INF directory so I only have to maintain ONE set of classes? I tried using symbolic-link WEB-INF's to one big WEB-INF directory, but it did NOT work. Justin Jaynes __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Maintaining Sessions
Hello, I am running Tomcat 5.0.25 on SuSE Linux 9.1. I am running ONE Tomcat server with two services: 1. Standalone on port 80, with two hosts: A. A basic shopping site with a CartBean.java that I set scope=session when I call it from JSP's. B. Another not related host. 2. Standalone SECURE on port 443, with two hosts: C. The secure checkout site for host A (above) B. Another secure, but not related, host. My cart.jsp on host A uses checkout.jsp on host C to process the request. However, the session with CartBean objects does not carry over. How do I keep my session alive from host to host on the same server? And what if I decide to move the host C to another server on another machine? Then what? Or is this the wrong approach? Is there a way to have SOME secure jsp's on the same host as some non-secure jsp's? And do I HAVE to have a WEB-INF directory for both hosts, or could they somehow share a WEB-INF directory so I only have to maintain ONE set of classes? I tried using symbolic-link WEB-INF's to one big WEB-INF directory, but it did NOT work. Justin Jaynes __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
