A few pointers:
1. The trust store is the list of trusted CAs, not the list of trusted
client certificates. The CA that issued your client cert must be in the
trust store.
2. You need to modify your user details in your realm. If you are using
tomcat-users.xml it should look something like
Tomcat version?
Mark
Chris Abajian wrote:
More clues:
We got it to work if you put
Context path= docBase=webapps/our unpacked war file dir
in the top-level server.xml file. It does NOT work if you put this
context fragment in $CATALINA_HOME/conf/Catalina/localhost
the documentation on
The problem you describe is true of any session tracking system running
over http. The solution is to use https.
However, here's a question to fire back at your security team:
If you are worried about an attacker physically looking at a session ID
on a user's screen, what about if they decide
CATALINA_BASE\server\webapps\admin\login.jsp
ohaya wrote:
Hi,
When connecting to the Tomcat Admin webapp, a forms-based login page
appears. The web.xml for admin has a login-config section that
indicates that the login page is /login.jsp.
However, I've looked all over my hard drive, and
I'd be happy to look at this but for me to stand any chance of fixing it
you would need to provide a minimal webapp that reproduced the problem.
Ideally the problem should occur for every request but every few
requests is OK as well.
Given that it happens every few minutes at the moment it
Hello,
I just start with jspx and I have small problem with 'empty tags' and
'tags with empty content'.
Terminology:
empty tag: div/
tag with empty content: div/div
jspx - JSP document file ( with XML syntax )
Ok, so when I use 'tag with empty content' they are transform into
'empty tag'
Hi,
I'm looking for some decent documentation and technical reference on
how to configure Tomcat's SSL cipher. Say for example I want Tomcat to
support a specific SSL cipher suite like Triple DES. Hope someone has done
something like this already.
I'm using Tomcat 5.5 btw.
Thanks, Jojo
--
Mark,
As I indicated in my original msg, on my installation of Tomcat
(5.0.27), there is no login.jsp file in that location, or anywhere else
on my hard drive. And yet, if I leave the login-config section of
web.xml to the default, which is login.jsp, everything STILL seems to
work. I've
From: ohaya [mailto:[EMAIL PROTECTED]
Subject: Re: Where is default logon.jsp for Tomcat Admin webapp?
As I indicated in my original msg, on my installation of Tomcat
(5.0.27), there is no login.jsp file in that location, or
anywhere else on my hard drive.
For the admin app, jsps are
Caldarale, Charles R wrote:
From: ohaya [mailto:[EMAIL PROTECTED]
Subject: Re: Where is default logon.jsp for Tomcat Admin webapp?
As I indicated in my original msg, on my installation of Tomcat
(5.0.27), there is no login.jsp file in that location, or
anywhere else on my hard
The short answers are:
1. No
2. No
The longer answer is:
This is categorically *not* a security issue with Tomcat. I have tested
this and Tomcat continues to operate correctly after a request with a
very long host header. This looks to me like an issue with your daemon.
And a few tips for
This looks like bug 25899
(http://issues.apache.org/bugzilla/show_bug.cgi?id=25899) which has been
fixed in CVS and will be included in the next 4.1.x release.
Note that whilst I envisage that there will be a 4.1.32 release at some
point, I have date in mind at present.
Mark
李彦东 wrote:
- Original Message -
From: Iin Nurhidayat [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org; Bryan Scarbrough
[EMAIL PROTECTED]
Sent: Thursday, July 14, 2005 7:58 PM
Subject: Re: Tomcat Configuration
See nothing at all,
get 404 resource /myapplication is not
Hi Everybody,
I need to include executable programs as part of my web application. in
development I created a directory WEB-INF/bin where I kept copies of the
programs I need. problem is when I create a war file for my application,
jar strips the execute file permissions from my programs. is
Thanks a lot for your reply. We'll see if we can persuade our security guys to
drop this issue.
Kind regards,
Alex.
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Monday, 18 July 2005 2:50 AM
To: Tomcat Users List
Subject: Re: Tomcat security realms question
Hi, Can anyone show me how to setup connection pool
and call it from java?
Thanks,
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Hello,
Try these how-tos:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/jndi-resources-howto.html
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/jndi-datasource-examples-howto.html
Good luck.
On 7/17/05, Tony Smith [EMAIL PROTECTED] wrote:
Hi, Can anyone show me how to setup connection
17 matches
Mail list logo