Dear List,
I have been asked if its possible to prevent DoS attacks inside Java
(JSP/Servlet).
I guess it is ... is this something however that TC would be configured to
deal with, or
must I do something myself. Whats normal ?
Many thanks in advance!
Best wishes
Ben Bookey
Dear List,
In the example docs on the Apache web-site, all the JNDI info. is configured
inside of the
server.xml and web.xml.
Is it possible or better said usual to make a data source, with the Oracle
configurable JDBC URL connection info. in a separate properties file. This
would mean
Hi Everyone,
Thanks for the replies. If i understand correctly, then the SSO should work
between Tomcat and another j2EE type servlet container? The other app. in
question is websphere.
regards,
Ben Bookey
From: Tim Funk [EMAIL PROTECTED]
Reply-To: Tomcat Users List tomcat-user
Dear List,
We are using Tomcat 4.1.xx. We are NOT using the built in security framework
which comes with TC. In the login.jsp page the user/password is validated by
an external organisation wide process, which returns simply true or false.
If the user is valid, the user is forwarded to the
Dear Tomcat users,
1. what exactly should the icon tags inside the web.xml do ? Is it simply
a
central reference for components within the webapp or does it have more
powerful
implications. i.e. the small icon will be used as an favicon type icon,
whenever a user
bookmarks a page from the
Dear List,
I would like to perform an action after the user logs in to our app.
We are using the tomcat Realm security model, with an Oracle database.
So therefoer I am trying to implement a filter in Tomcat 4.1.27, which
checks for all requests on the url /j_security_check
I know my filter is
got this idea from a ibm websphere help doc, where it is possible !
-Ursprungliche Nachricht-
Von: Tim Funk [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 3. Februar 2005 12:41
An: Tomcat Users List
Betreff: Re: Login filter
Filters cannot be run on j_security_check.
-Tim
Ben Bookey
Dear List,
I hope someone can give some hints to a none java/TC -specialist.
We have a jsp-servlet app, which has some important app variables inside
the web.xml. Because the validation for these parameters is quite complex
we have a single public class with public static setters and getters
Dear List,
We are using java sdk 1.4.2 which includes dom objects and a xml
transformer - EVERYTHING I need for my code to work. ALL my code imports
begin with javax.xml.* [interfaces] and org.w3c.dom [xml API] and
javax.trasform [for xslt processing].
I want my code ALWAYS -SPECIFICALLY to
Hi Yoav,
Why are the classes in the lib/endorsed path better ? Surely the sun sdk is
better to use !!
I tried removing. But it uses crimson instead of xalan (as it should see
below), and it doesnt work.
I would like it to use the xalan api provided also inside of the JDK1.4.2
package. Based on
Dear Ladies and Gentlemen,
This is a follow-on for a question from last week, but as its now on a
different-page of the mailing list. I decided to
post another new questions, so no-one misses it.
1) Below is an original extract of my tomcat 4.1.27 server.xml. I want to
enable compression in my
HI Tim
// Don't worry about writing a compression filter - tomcat comes with one on
its HTTP connector.
// Or if your using apache - use mod_gzip. I here the latest IIS also has
compression support.
Thanks ALOT for the suggestion. We are just using Tomcat 4.1 and Tomcat 5,
is this still
Dear Mathew,
Thanks for the link.
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html
I am afraid I dont understand the paragraph below, regarding the class
patterns
In addition, for the following class patterns, the classloader will always
delegate first (and load the
html file, with the mime type set correctly and the
browser will display the page, reducing
drastically the bandwidth)
i) Is this technique recommended at all ? could this lead to a bottleneck at
the filter ?
ii) IS this limited to html pages or graphics ? etc.
Kind regards
Ben Bookey
), inside my webapp and these
will be hopefully used by my app. rather than it using possibly older
versions that have been placed inside of the common/lib or even the jre\lib
path.
I would really appreciate any insight.
regards
Ben Bookey
Dear List,
We are using a sessionlistener to count users. Is it possible for us to
use the request object somehow inside of the sessionCreated event? We want
to determine the client.locale and then store this in the session object.
This would therefore mean, we can determine the language GUI
'===
=
regards.
Ben Bookey
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
PROTECTED]
Gesendet: Mittwoch, 15. September 2004 18:15
An: Ben Bookey
Betreff: RE: Workaround for using JNDI sources in the web.xml instead of
the server.xml?
Hi,
I don't know if you customizing context.xml would cause any problems.
Frankly, I don't care to support TC4. It's old, TC5 is much
this in the
startup scripts for TC. You could even try within Java code
System.setProperty(file.encoding, Cp1252);
ADC
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: 08 September 2004 10:44
To: Tomcat User List
Subject: Setting JVM == file.encoding = Cp1252
Dear list,
I
or database
encoding aligns.
why don't you email me your web.xml, your jsp, your servlet, your JNDI or
database connectivity config and I will take a look.
ADC
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: 08 September 2004 11:12
To: Allistair Crossley
Subject: AW
Dear TC profis, (allistair and Nikola)
I have had this problem for a week (aaahhh!), and would really appreciate
ANY help or pointers to what I may be doing wrong.
When I post a value from a form from either Netscape 6.0 or IE 6.0, and do
a system.out.println in my test
servlet there is
Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: 06 September 2004 11:19
To: Tomcat User List
Cc: Allistair Crossley; [EMAIL PROTECTED]
Subject: Real problem posting Euro symbol from jsp page, using TC 5.0
Dear TC profis, (allistair and Nikola)
I have had this problem
HI Nikola. et. al.,
thanks for your help. I really appreciate it !!
1. I have a Windows-1250 oracle database, and I am using TC 5. and jsp/html
pages
to perform updates/inserts. Despite using iso-8859-15 in my jsp/html, the
client
is still posting a ? (question mark symbol) instead of a Euro
=ISO8859-15%
%@ page pageEncoding=ISO8859-15%
it sounds to me like the encoding is still being switched incorrectly
somewhere.
ADC
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: 01 September 2004 14:37
To: Tomcat User List
Cc: Allistair Crossley
Subject: AW: ++ Best
or something else?
you could just for the sake of it try
%@ page contentType=text/html;charset=ISO8859-15%
%@ page pageEncoding=ISO8859-15%
it sounds to me like the encoding is still being switched incorrectly
somewhere.
ADC
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED
knows this
Cheers!
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: 31 August 2004 17:06
To: Allistair Crossley
Cc: Tomcat User List
Subject: AW: JSP/HTML Encoding
Hi Allistair
+++ Many thanks for your help. +++
I apologise when I ask some stupid questions
individually (in theory allowing many character encodings
to be used in each HTML frame), or as one unit.
I LOOK very much forward to any reply on this matter.
Sincerely,
Ben Bookey
-
To unsubscribe, e-mail: [EMAIL PROTECTED
this clears up your issue!
Alles gut, ich wuensche Dir Glueck!
ADC.
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: 01 September 2004 09:37
To: Allistair Crossley
Cc: Tomcat User List
Subject: How to pre-determine the browser request character encoding
type
Hi
a page within a frameset, and it could be that the parent frame
HTML page might be incorrectly pre-determining the encoding of the whole
frameset overriding the child frame settings.
kind regards,
Ben Bookey
-
To unsubscribe, e
PROTECTED]
Gesendet: Dienstag, 31. August 2004 17:08
An: Tomcat Users List; [EMAIL PROTECTED]
Betreff: RE: JSP/HTML Encoding
make sure also that you set file.encoding=utf8 in tomcat's startup options
so that the jvm also operates in that mode.
ADC
-Original Message-
From: Ben Bookey [mailto
.
*
* @param request The servlet request we are processing
*/
protected String selectEncoding(ServletRequest request) {
return (this.encoding);
}
}
ADC
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: 31 August 2004 16:28
Dear list,
2 questions
1) I think I remember reading somewhere that there was a .bat batch file
which we could run
on production machines, so that passwords are encrypted. Can anyone
enlighten ?
2) Whats the best configuration mechanism for my servlets? I think its
better to add the
the
.
documentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
regards
Ben Bookey
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-to. The former specifically
discusses how to use different XML parsers with tomcat.
Yoav Shapira
Millennium Research Informatics
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 03, 2004 11:28 AM
To: Tomcat User List
Subject: SUN or APACHE, xml parser -- How
Dear List,
Does the REALM security feature in Tomcat, always have to store a cookie
JSESSION in the client ?
Is there an easy-work-around so that a cookie is not stored ?
Please help!
Ben
-
To unsubscribe, e-mail: [EMAIL
Dear List,
I would like to check if a client has cookies/sessions enabled in the start
page of my webapp. whats the best way of doing this?
regards
Ben
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
Dear list,
What is the normal way of persisting session type information if the
client has sessions/cookies disabled.
I guess if he's got sessions switched off, then session.getId() will
return null ?
The userID must therefore be invented somehow on the server, and passed
between the
suprised that storing objects in the session object
works, when the client has sessions switched off hence app.setAttribute() ??
Help !!!
regards,
Ben
- Original Message -
From: Mike Fowler [EMAIL PROTECTED]
To: Ben Bookey [EMAIL PROTECTED]
Sent: Friday, June 25, 2004 5:41 PM
Subject: Re: How
Dear List,
We have implemented the Realm with Oracle. It works fine. (see below from TC
sample server.xml)
!--
Realm className=org.apache.catalina.realm.JDBCRealm debug=99
driverName=oracle.jdbc.driver.OracleDriver
Is it possible to use this sort of session handling (passing the SESSION ID
over HTTP)
when using the Realm security feature within TC ?
I have noticed that there is a cookie saved, JSESSIONID which
stores the SessionID.
Would appreciate any info.
Ben
Dear List,
We have written a webapp, and now I want to add some logging inside.
The app has jsp pages, servlets and a java package of classes for jdbc
database interaction.
O.k. as I understood Tomcat does support logging via, catalina.out etc.
The logfile can even be configured based on each
-specific redirection
syntax, such as 21 /dev/null or whatever.
Yoav Shapira
Millennium Research Informatics
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 11:14 AM
To: Tomcat User List
Subject: Override the system.outs so that no Tomcat
this
might not be working with 4.0.* ?
This is not so bad it is an older version, but it would be nice to explain
why it doesnt work ;)
I would really appreciate (again) any pointers.
regards
Ben Bookey
Is it possible with a single server.xml (or web.xml) paramter, to overide
all the System.out's in my webApp
so that no logfile is produced.
Many thanks in advance.
BB
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
Hello Mailing list,
I know its possible to pre-load jsp pages, and servlets in the web.xml.
How would one go around pre-loading simple java classes ? Can I add these to
the web.xml too?
regards
Ben Bookey.
-
To unsubscribe
Dear List,
In my NetBeans environment which has Tomcat integrated, I can find logs
which
show the individual requests for each HTML file. Where can I switch this
on/off in my real
installation of Tomcat for just my application (i am sharing a tomcat
instance) with other apps.?
I
Dear List,
On 9th May 2004 - Tomcat 5.0.24 Stable was released.
Which version would you all recomend for a critical commercial product ?
regards
Ben
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
. Switching on the the Access logs.
Hi,
In the server.xml file, comment the AccessLogValve element in or out as
you need.
Yoav Shapira
Millennium Research Informatics
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 8:52 AM
To: Tomcat User List
Dear List,
Q.1 We implement the integrated security model inside our app context
[defined in server.xml ].
Realm className=org.apache.catalina.realm.JDBCRealm debug=99
driverName=oracle.jdbc.driver.OracleDriver
connectionURL=jdbc:oracle:thin:@ 100.100.100.60:1521:ingeo
Dear list,
I think most of us need to have a mechanism where we can have multiple
elements, or jsp pages in our jsp solutions.
We have a web solution based on frames, (and tomcat) and have realised that
on a normal sesion time-out,
we get 404 on some of the frames, and could lead to major
Dear List,
I am using tomcat 4.0. My experience sofar is that when I put my uncompiled
.java files inside the WEB-INF\classes directory, and do a restart the
java files will ALL be compiled. This is not due to my web-xml settings, but
default Tomcat 4. behaviour.
However, later when I made a
Partner für GIS - Technologie |
| |
| Ben Bookey|
| [EMAIL PROTECTED] Fraunhoferstraße 5 |
| Tel 0 61 51 / 155 - 254 D-64283
/ROOT/index.jsp), and many other locations. Where did
you look or what made it difficult to find?
Yoav Shapira
Millennium Research Informatics
-Original Message-
From: Ben Bookey [mailto:[EMAIL PROTECTED]
Sent: Monday, May 17, 2004 9:12 AM
To: [EMAIL PROTECTED]
Subject: Tomcat security
Dear List,
I have specified for my app in the web.xml context a logging file. I thought
this would therefore result in
ALL System.out.println(); messages to be printed to my app_.txt file.
Instead, my app continues to log all output to the catalina.out file.
Is there anyway of printing content
54 matches
Mail list logo
