Please, I need to understand how apache tomcat finds taglib files with .tld and .xml extensions
Hello: I have the following problem, actually it is not a problem, it is a conceptual problem I think. I have a custom taglib file, which is named mytaglib.xml. When I deploy my app, which uses this file, in apache tomcat 5.5 and better, my app does not have any problem to find this file, and everything works fine. But when I deploy my app in JBoss, I have the problem that the app can't find this file. If I renamed this file to mytaglib.tld, the problem is solved. I did the same test with tomcat, and it works fine. So, my question is, why doesn't apache tomcat have problems to find this file with a .tld or .xml extension?. I would like to know whether in older versions of apache tomcat, the name of taglib.xml was required, so today there is no problem with .tld or .xml extension. Is this part documented in somewhere? Thanks a lot. Regards. -- Alejandro
control of session timed out with tomcat
Hi my friends, I want to ask you all, If there is a way to control the timed out of sessions with tomcat, what I need is when the session timed out, automatically the user is redirected to the login page, Is this possible to do that from tomcat?, I mean, tomcat triggers some event to the user with session timed out, with no need user interaction. I know that the time of inactivity of the session is setup in web.xml, with that I have no problem, what I need is just redirect to a login page when the session timed out. I am working with tomcat 7.0.20 and JDBCRealm for authentication. Thanks in advance. -- Alejandro Soto M.
Re: control of session timed out with tomcat
Hi, thanks for your replies, These are the only ways I have to do it?, I was reading something about filters, but I think only works with user interaction. Thanks. On Thu, Oct 20, 2011 at 10:08 AM, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Thu, Oct 20, 2011 at 6:51 AM, Alejandro Soto smalejan...@gmail.com wrote: Hi my friends, I want to ask you all, If there is a way to control the timed out of sessions with tomcat, what I need is when the session timed out, automatically the user is redirected to the login page, Is this possible to do that from tomcat?, I mean, tomcat triggers some event to the user with session timed out, with no need user interaction. No. That's not how the web works :-) What you *can* do is put a meta-refresh tag in the head of each page (with the time set the same as your session timeout) that redirects to a protected resource, which will bring up the login page. HTH, -- Hassan Schroeder hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Alejandro Soto M. Cel: 705-63861
Re: control of session timed out with tomcat
Thanks for the clarification. Well, my system is like a ERP, what I want to do is basically: the user for work with the system, first must to be authenticated, then the user can works normally, then, if his session timed out, he need to relogin, that is the reason because I need to control the sessions, but what the user was doing before relogin, must be on hold, if the authentication is successful, then the request of the user is committed. Any advice will be welcome. Thanks. On Thu, Oct 20, 2011 at 10:52 AM, André Warnier a...@ice-sa.com wrote: Alejandro Soto wrote: Hi, thanks for your replies, These are the only ways I have to do it?, I was reading something about filters, but I think only works with user interaction. The basic issues are these : 1) Tomcat (probably) doesn't spend its time all the time scanning stored sessions to see if one has expired, and deleting it. What it does is : when a new request comes in, and that new request has a session-id in it, then Tomcat looks for this stored session. If it finds it, it checks if it has expired, and if so, it deletes it and does as if the session had not been there in the first place. 2) even assuming that Tomcat would find out, without user interaction, that a session has expired, and wanted to send something somewhere, where would it send it ? It is not certain that the browser of that user still has a connection open with the server. And even if there was such a connection open, and Tomcat sent something on it, the browser isn't waiting for anything, since it has not requested anything. I wouldn't be surprised if the browser got very confused then. That's why you always need the browser to send something, to have Tomcat react and search for the session, and send an answer. Personally, I think that by trying to do this (in whatever way), you set yourself up for all kinds of bizarre happenings and side-effects. What is the problem you are trying to solve ? --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Alejandro Soto M. Cel: 705-63861
filters on j_security_check
Hi, my name is Alejandro, I am working with Tomcat 7.0.20 and I need to know how can I apply filters to j_security_check to verify the status of login before continue with my authentication process. I was thinking to use valves, but I read on internet that valves will be replaced with Filters - GSOC since Tomcat 7.0.x, so, I'm not sure what to do . Please, this is very important to me and any help will be appreciated. Best Regards. -- Alejandro Soto
Re: filters on j_security_check
Hi, thanks for reply, well, what i need is to know if the authentication was successful or not, I want to get the status of that authentication, I just need to know that status and has to be before the authentication mechanism continues. I am trying to invoke j_security_check from inside another servlet. Any suggestions about how resolve my requirement? Thanks in advance. Alejandro On Thu, Oct 13, 2011 at 12:50 PM, Pid p...@pidster.com wrote: On 13/10/2011 15:09, Alejandro Soto wrote: Hi, my name is Alejandro, I am working with Tomcat 7.0.20 and I need to know how can I apply filters to j_security_check to verify the status of login before continue with my authentication process. You can't use Filters because the Authentication Valves act before the Filter chain. Why do you need to filter on j_security_check? p I was thinking to use valves, but I read on internet that valves will be replaced with Filters - GSOC since Tomcat 7.0.x, so, I'm not sure what to do . Please, this is very important to me and any help will be appreciated. Best Regards. -- Alejandro Soto M. Cel: 705-63861
Re: filters on j_security_check
Hi Chuck, call j_security_check from inside another servlet is just an idea, why is bad idea? If possible, I don't want a custom Realm, I want to use the authentication mechanism of the container (JDBCRealm), use something like this: . Context context = (Context) host.findChild(myContext); Realm realm = context.getRealm(); String username = request.getParameter(j_username); String password = request.getParameter(j_password); Principal principal = realm.authenticate(username, password); if (principal == null) { // some tasks } else { // } But this give me problems with catalina.jar library inside of my .war file. Thanks. Alejandro On Thu, Oct 13, 2011 at 2:11 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Alejandro Soto [mailto:smalejan...@gmail.com] Subject: Re: filters on j_security_check what i need is to know if the authentication was successful or not What are you going to do with said information? I just need to know that status and has to be before the authentication mechanism continues. Why? It seems like you might actually need to write a custom Realm, not a filter. I am trying to invoke j_security_check from inside another servlet. That sounds really, really wrong. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org