Re: tomcat 7.0.90 ubuntu web-security.xml doesn't work.

[richard coleman]

Chris,

Thanks for responding.  I got that from the web.xml file itself;

> 


The only references I can find (including the archives of this list) are
copies of web.xml with those same instructions.  Creating a block that
adheres to that DTD and placing it in the bottom of web.xml (before the
last  tag) works as expected.

The web.xml file is dynamically generated and so I am left with having to
remember to update the tomcat7/webapps//WEB-INF/web.xml by hand *after* it
is finished deploying from the .war file.  If I could place it in a
separate static web-security.xml file than it can be packaged in the .war
file and automatically applied whenever the application is deployed.

Thanks again for your help,

rik.

On Fri, Jul 19, 2019 at 2:44 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Richard,
>
> On 7/19/19 11:33, richard coleman wrote:
> > Hi all,
> >
> > Running tomcat 7.0.90, I am trying to add a security block to a
> > struts 1 application to redirect *most* urls to https.  It works
> > fine when I add it to the web.xml file in the
> > webapps//WEB-INF/web.xml file.
> >
> > That file states that I should be able to add it to a separate
> > web-security.xml file, but when I do so, tomcat *ignores* the
> > web-security.xml file.
> >
> > Is there something that's *not* mentioned that I am forgetting to
> > do to actually get this to work?
>
> I think you are asking the wrong mailing list. If you are using Struts
> for the redirection, then you want to ask the Struts folks why it's
> not working. You might want to provide en example of your
> configuration when doing so if you post over there.
>
> You might get crickets in response since you are asking about a
> product that was abandoned years ago. I feel your pain; I still use
> Struts 1.x myself. :(
>
> I've never heard of web-security.xml. Ever.
>
> What is it you are trying to configure in web-security.xml that works
> when you put it into web.xml? Why not just put it into web.xml if
> that's where it works?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0yD6MACgkQHPApP6U8
> pFjuIg/+ND6tguQw6z579Tabcc3movui80Zdva4EEyMzzCaJl0kkvF8wqVdEzErG
> uCOni0gwo3VflY5cdOM8cdAjcoR2iue3LrWOKQKEtuKpTuv6bGPO/HjGUBtKzMnd
> 0tBzohjEofy7IlS3+PhIVczdzKuU44s+SWUojYkQrtGSh2sgjkCfFC2IRisxoAWU
> YF29FARLbimkHDTlhjr0SqeUf5z5rt7l5y7IC8kzA2ipEJQaARfu+x/cQSlivPYd
> vrgOChrNFrqAhBHX5R+5KosL2nGPGT2cWodiVuC567Kyt5+vzp2PNLBKLwS3tT7T
> iOFGjZ3Z3AmctVebWFPEILuyoX9tqz0uZJjjkkeiLHl4d4RkvRAQOqjOyi0TyvNx
> bSenOp0YMp6Sq++lvDSmN3fx1VzoTMbfA4yacCFGLaflzJADO15kVRV/PM8aPAl6
> KPv16DrhGzxMCGVMoccQNxCYl1T0QyJfFJT+ocJVQ9ZRF1ZVd7rylq7RZwocnTh7
> tQptLst5e+SC3mcVvOhU/RLYXdqbstgaM93x8tvYv2jmtV7qmFyTDc/PGxYMr4Nh
> LfvVtyZG0Yq3672FwLgjIsbxMi91fkvGMJbXYkCUJXjvXNl+q8FwrzOJo/aGiXfY
> o0YExXDpKPRVMeEx36UXWjCu+JbFu6SBiX9zBkqt0k1NoC1jplU=
> =3GI8
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: tomcat 7.0.90 ubuntu web-security.xml doesn't work.

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Richard,

On 7/19/19 11:33, richard coleman wrote:
> Hi all,
> 
> Running tomcat 7.0.90, I am trying to add a security block to a
> struts 1 application to redirect *most* urls to https.  It works
> fine when I add it to the web.xml file in the
> webapps//WEB-INF/web.xml file.
> 
> That file states that I should be able to add it to a separate 
> web-security.xml file, but when I do so, tomcat *ignores* the 
> web-security.xml file.
> 
> Is there something that's *not* mentioned that I am forgetting to
> do to actually get this to work?

I think you are asking the wrong mailing list. If you are using Struts
for the redirection, then you want to ask the Struts folks why it's
not working. You might want to provide en example of your
configuration when doing so if you post over there.

You might get crickets in response since you are asking about a
product that was abandoned years ago. I feel your pain; I still use
Struts 1.x myself. :(

I've never heard of web-security.xml. Ever.

What is it you are trying to configure in web-security.xml that works
when you put it into web.xml? Why not just put it into web.xml if
that's where it works?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0yD6MACgkQHPApP6U8
pFjuIg/+ND6tguQw6z579Tabcc3movui80Zdva4EEyMzzCaJl0kkvF8wqVdEzErG
uCOni0gwo3VflY5cdOM8cdAjcoR2iue3LrWOKQKEtuKpTuv6bGPO/HjGUBtKzMnd
0tBzohjEofy7IlS3+PhIVczdzKuU44s+SWUojYkQrtGSh2sgjkCfFC2IRisxoAWU
YF29FARLbimkHDTlhjr0SqeUf5z5rt7l5y7IC8kzA2ipEJQaARfu+x/cQSlivPYd
vrgOChrNFrqAhBHX5R+5KosL2nGPGT2cWodiVuC567Kyt5+vzp2PNLBKLwS3tT7T
iOFGjZ3Z3AmctVebWFPEILuyoX9tqz0uZJjjkkeiLHl4d4RkvRAQOqjOyi0TyvNx
bSenOp0YMp6Sq++lvDSmN3fx1VzoTMbfA4yacCFGLaflzJADO15kVRV/PM8aPAl6
KPv16DrhGzxMCGVMoccQNxCYl1T0QyJfFJT+ocJVQ9ZRF1ZVd7rylq7RZwocnTh7
tQptLst5e+SC3mcVvOhU/RLYXdqbstgaM93x8tvYv2jmtV7qmFyTDc/PGxYMr4Nh
LfvVtyZG0Yq3672FwLgjIsbxMi91fkvGMJbXYkCUJXjvXNl+q8FwrzOJo/aGiXfY
o0YExXDpKPRVMeEx36UXWjCu+JbFu6SBiX9zBkqt0k1NoC1jplU=
=3GI8
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org