RE: yet another SSL question
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: yet another SSL question Is it possible to have multiple different Login pages in one webapp? Yes; look at section 12.8 of the Servlet spec: http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html Use different url-pattern settings for each area of the webapp that you want to control. For a real-world example of using multiple security constraints in one web app, look inside Lambda Probe's WEB-INF/web.xml file (download from http://lambdaprobe.org). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: yet another SSL question
LambdaProbe has all of the state information which I have been seeking for years To one and all please look at http://lambdaprobe.org and view Cluster, Status, System Information as well as a plethora of categories too numerous to list here..I am heartened by threads/ClassLoader metrics availability Thanks Chuck Martin -- --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, January 14, 2007 10:50 AM Subject: RE: yet another SSL question From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: yet another SSL question Is it possible to have multiple different Login pages in one webapp? Yes; look at section 12.8 of the Servlet spec: http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html Use different url-pattern settings for each area of the webapp that you want to control. For a real-world example of using multiple security constraints in one web app, look inside Lambda Probe's WEB-INF/web.xml file (download from http://lambdaprobe.org). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: yet another SSL question
first, thanks for your help. But now I got the next problem: Is it possible to have multiple different Login pages in one webapp? Scenario: - Two areas (DB,shop) in one webapp - two groups of users having access to one of the areas. - one member of both groups. When I am logged in to the DB-section and call a page in the shop-section I get a permission denied error. How do I manage to have a new login-window to get access to the other section? auth-method in web.xml is BASIC. I tried FORM-based login with a re-login as errorpage , but did not get it to work. Is there a better way than a third usergroup with access to both sections? Can I invoke an automatic logoff when a page outside the current section is called, so I can force a new login to the entered section? Is there any way to log out? Is it possible with Basic-method to have different logins depending on which page is called? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
yet another SSL question
Hello world! My problem : I want some of my servlets to be accessible only when HTTPS is used: https:/path to servlet succeeds http:/path to servlet gives an error The first step seems to work, but when i have logged in into the secure area, load a page using https, delete the s and reload, the page is also loaded. How do i block the unsecured reload? I tried some of the hints for JSPs, but they seem not to work with servlets. My web.xml: web-app servlet servlet-namemyServlet/servlet-name servlet-classmyServlet/servlet-class /servlet ... more servlets... servlet-mapping servlet-namemyServlet/servlet-name url-patternpath to myServlet/url-pattern /servlet-mapping ... more servlets... /web-app What security-constraints do i need, and where do i have to put them? Thank you
Re: yet another SSL question
Try this: security-constraint web-resource-collection web-resource-nameSecure servlet/web-resource-name url-pattern/path/to/servlet/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Regards, D --- Jan Strauch [EMAIL PROTECTED] wrote: Hello world! My problem : I want some of my servlets to be accessible only when HTTPS is used: https:/path to servlet succeeds http:/path to servlet gives an error The first step seems to work, but when i have logged in into the secure area, load a page using https, delete the s and reload, the page is also loaded. How do i block the unsecured reload? I tried some of the hints for JSPs, but they seem not to work with servlets. My web.xml: web-app servlet servlet-namemyServlet/servlet-name servlet-classmyServlet/servlet-class /servlet ... more servlets... servlet-mapping servlet-namemyServlet/servlet-name url-patternpath to myServlet/url-pattern /servlet-mapping ... more servlets... /web-app What security-constraints do i need, and where do i have to put them? Thank you __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: yet another SSL question
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: yet another SSL question What security-constraints do i need, and where do i have to put them? The basis for Dhaval's suggestion is section 12 of the servlet spec, obtainable here: http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html For additional examples, look at the WEB-INF/web.xml files for Tomcat's built-in manager and admin apps, usually installed under the server/webapps directory, although as delivered, those do not require HTTPS. The transport-guarantee is necessary to force that. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]