SSL and transport guarantee question

Have I got this right? I have an app and in the deployment descriptor I ask for FORM authentication and set the transport guarantee to CONFIDENTIAL . If the user attempts access to a secured page or servlet in that app from a simple http connection, tomcat will force the FORM page to be

Database connection Pooling and other questions

Hi! We currently have a couple of sites running JBoss-Tomcat. A third application that used the JBoss part of this setup has been canned leaving us with two non-EJB applications. As far as I can determine the only benefits we currently get from JBoss are the security system and connection

Question about URLencoded Cookie data?

Many thanks to Craig for pointing me at Filters to solve my access problems. Next Question: Running Tomcat 4.0.1, my cookies now seem to be URLencoded, ie characters + and = get encoded. How do I decode before reading them in a Filter or servlet? Gerry -- To unsubscribe: mailto:[EMAIL

Re: Question about URLencoded Cookie data?

OK! Thanks for that. Too obvious! I was looking in the javax api rather than there! Gerry - Original Message - From: Ing. Gabriel Gajdos [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 2:55 PM Subject: RE: Question about URLencoded Cookie data? There is such

jce ??

I am trying to deploy a web app under JBoss2.2.4-Tomcat4.0.1. This app uses JCE and works fine under JBoss2.2.2Tomcat3.2.2. Now it throws an exception cannot set up certs for trusted CAs. All the jce jars are in jboss/lib/ext. Has anyone fixed this problem? Gerry -- To unsubscribe:

Re: Securing access to pages

as a parameter when you redirected to the login servlet). -Original Message- From: Gerry Duhig [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 11:16 AM To: [EMAIL PROTECTED] Subject: Securing access to pages This is an old question to which I had an answer that worked under

Re: Securing access to pages

provided as a parameter when you redirected to the login servlet). -Original Message- From: Gerry Duhig [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 11:16 AM To: [EMAIL PROTECTED] Subject: Securing access to pages This is an old question to which I had an answer

Re: Securing access to pages

(where_to_go_after_this). Gerry - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, January 11, 2002 5:40 PM Subject: Re: Securing access to pages On Fri, 11 Jan 2002, Gerry Duhig wrote: Date: Fri, 11 Jan 2002 17:00:30

Re: Intercepting AuthenticationFilter and dispatching need help !

Fredy, Would you please show us exactly what you do, as I need to do the same sort of thing? I had a version that worked under 3.2, but it fails under Tomcat 4. Thanks Gerry - Original Message - From: Softwareentwicklung Hauschel [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL

Securing access to pages

This is an old question to which I had an answer that worked under 3.2.3 but now fails under 4.0.1 Using Tomcat embedded in JBoss, I want to secure access to a certain set of pages and use the JBoss security system to carry out the authentication. Standard stuff. But, as well as going

cryptography - slow starting????

Hi! I have successfully built a servlet that uses JCE to encrypt data and deployed it under JBoss Tomcat 2.4.1-3.2.2. The very first access is VERY slow as the cryptography classes do some sort of initialisation. I don't know what. Subsequent actions seem very quick. Is this to be

Re: cryptography - slow starting????

. You could just force such an initialization at startup so that startup has a bit of a slowdown, but then it runs fast the rest of the time. David - Original Message - From: Gerry Duhig [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 13, 2001 10:02 AM Subject

Re: cryptography - slow starting????

Brilliant - thank you! - Original Message - From: Bo Xu [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, November 13, 2001 8:23 PM Subject: Re: cryptography - slow starting - Original Message - From: Gerry Duhig [EMAIL PROTECTED] To: Tomcat Users

Fw: Security Question

I am using Tomcat with JBoss and JBoss is handling security. Everything works fine and each time a secured component is accessed I see two lines in the logs: User: name is authenticated User: name is authorized There are now thousands of these lines! How do I get rid of them? There are so many

Re: I'm using Tomcat, do I also need Apache

Can I ask a supplementary question please? We have a couple of applications that are a few html and JSP pages and a couple of servlets. Packing the whole lot up in ear files and deploying under JBoss-Tomcat is really nice and simple. Obviously then we are not using Apache because Tomcat is

Re: Security Question

PROTECTED] Sent: Friday, October 19, 2001 5:56 PM Subject: RE: Security Question What is your debug level in the context? Darrell -Original Message- From: Gerry Duhig [mailto:[EMAIL PROTECTED]] Sent: Friday, October 19, 2001 9:34 AM To: [EMAIL PROTECTED] Subject: Fw: Security

deploying applications with similar names - problem

I am using Tomcat embedded in JBoss: Versions: JBoss 2.2.2 Tomcat 3.2.2 I have two applications MyApp and MyAppWeb. I deploy both and all is well. I remove MyApp and MyAppWeb ceases to work. I have to redeploy it to make it work again. This becomes a problem when in normal use someone

Re: Can I do this in login.jsp?

I didn't see any answers! Does that mean its not possible? Or is just not the right thing to do? I really need to get something sorted soon. Help! Desperation creeping in here! Thanks Gerry - Original Message - From: Gerry Duhig [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday

Login j_security_check JSP question

Help! I want to find a sample of a JSP Page to use as the authentication form in a secure application. I have seen reference to such a page but cannot find a sample. We currently use an html page but need some additional processing. Please direct me to a URL or send me a sample Thanks Gerry

Can I do this in login.jsp?

I want login.jsp to take the user input username and pasword, pass them to a servlet to carry out some specialist actions including writing a cookie then pass the input to j_security_check so that authentication takes place. Is that possible? Anyone got an example I can see? Gerry

Load Balancing

I am a little confused about tomcat workers and loadbalancing in a Linux environment. I hope someone can explain. I am running tomcat embedded in JBoss. When I start JBoss, I see about 60 processes created. Presumably each of these is an instance of JBoss with an embedded Tomcat? Are they

Security Questions

Hi! I have Tomcat setup, actually running with JBoss, and I am looking at security. I can setup an application with a login-conf in web.xml, but I cannot see who or what handles that. Is it Tomcat directly, or some loaded subsystem? In detail: In my server.xml file I have thefollowing:

Servlets threads

I have written a Java servlet that seems to work quite well but I am confused about the exact context in which it runs. At initialisation it creates a JDBC connection and uses that to connect to a remote Oracle Database on each activation of the servlet. The connection remains open until

Very Basic question about Apache-Tomcat configuration

Help please! I have Apache running with ApacheJServ and working fine! I want to test tomcat and consider it as a replacement for JServ. I downloaded Tomcat and edited the Apache httpd.conf to include the apache-tomcat.conf file, instead of the JServ file. I start tomcat and I start Apache,

Re: Very Basic question about Apache-Tomcat configuration

server.xml file. As a minimum on a clean tomcat install, this will automatically let you access the example servlets via apache with the minimum effort. I take it you have consulted the Apache-tomcat howto? sam - Original Message - From: "Gerry Duhig" [EMAIL PROTECTED] To: [EM