-
From: Robert Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, December 13, 2004 8:59 PM
To: [EMAIL PROTECTED]
Subject: [newbie] Container Managed Security - preventing direct access
to .jsp
Greetings,
I'm new to Tomcat and this mailing list, and have a question
regarding
Robert Taylor wrote:
Please let me know if this questions is just too obvious
and I'll gladly RTFM...
See below :-)
It just seems like a common idiom to provide a portable mechanism
for protecting direct access to .jsp so as to enforce access through
some controller. I have in the past placed .jsp
Yes. That would be an alternative approach.
However, I want to use CMS (Container Managed Security) to protect direct
access to .jsp pages.
This should be possible as per the Servlet specification.
/robert
-Original Message-
From: Ben Souther [mailto:[EMAIL PROTECTED]
Sent: Tuesday
page/message when a .jsp page is requested without going through
the controller?
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 2:21 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing
I have not run into that kind of problem before... typically if you hit
a JSP without hitting its controller first you will just get nothing (an
HTML screen with no data). when it gets routed back to the controller,
it will then register a failure due to lack of data. Problem solved.
[EMAIL
Fair enough.
When I mention Container Managed Security, I am refering to
using security constraints defined in web.xml to prevent
direct access to resources.
More specifically in Section 12.8 of the 2.4 specification:
Security constraints are a declarative way of defining the protection of web
Robert Taylor wrote:
Does this not imply that I can do what I am trying to do?
I suppose; I'm just baffled why you want to reinvent this particular
built-in wheel, but don't let that stop you :-)
--
Hassan Schroeder - [EMAIL PROTECTED]
Webtuitive Design === (+1)
example:
http://forums.bea.com/bea/message.jspa?messageID=202433201
Oh well...
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 5:55 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct
a .jsp page is requested without going through
the controller?
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 2:21 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct
access to .jsp
Security, then, if
not this? The container prevents direct access to the resources
placed within WEB-INF, without you having to do anything else.
Maybe a better way to form the question would be how do I use
CMS to protect .jsp pages from direct access
as above
From: Hassan Schroeder [EMAIL PROTECTED]
Given that the Java Servlet Specification Version 2.4, page 70 sez:
A special directory exists within the application hierarchy
named WEB-INF. This directory contains all things related to
the application that aren't in the document root of the
security-constraint
web-resource-collection
web-resource-name
off-limits
/web-resource-name
url-pattern
*.jsp
/url-pattern
/web-resource-collection
auth-constraint
!--role-name manager /role-name--
/auth-constraint
/security-constraint
Greetings,
I'm new to Tomcat and this mailing list, and have a question
regarding configuring Tomcat to simply disallow access to .jsp pages
which I have been protected via the security-constraint/ in my web app
web.xml file.
From what I understand, the following should do the trick and cause
Sorry. I left off some info:
Tomcat 5.0.25
Win2k
JDK1.4.2
/robert
-Original Message-
From: Robert Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, December 13, 2004 8:59 PM
To: [EMAIL PROTECTED]
Subject: [newbie] Container Managed Security - preventing direct access
to .jsp
I saved my problem with your tip.
Thank you very much.
-Mensaje original-
De: Andoni [mailto:[EMAIL PROTECTED]
Enviado el: martes, 30 de noviembre de 2004 12:12
Para: Tomcat Users List
Asunto: Re: Admin and Manager applications don't work
withmodifiedCATALINA_BASE and startup.sh -security
Hi, i've implemented an application using tomcat security FORM based,
and authenticating against a database.
My login page is the standard FORM:
form method=POST action='%=response.encodeURL(j_security_check)
%'
table border=3 align=center cellpadding=3 cellspacing=1
bordercolor=#99 class
hello!
does anyone know if there's a tutorial or reference on how to set up
basic security using tomcat (5.5)? i'd like to get a better
understanding of how to secure particular pages in a webapp.
thanks!
-
To unsubscribe, e
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html
Is a start, but doesn't give a how to.
From the web.xml for the examples with added comments.
!--Starts the section. Located after jsp-config near end of file--
security-constraint
!--A description for identification by you
Is there an official channel/website where security advisories for tomcat
are releases/posted ? I saw some advisories on www.cert.org. Is
www.cert.org the official source for these security advisories ?
___
Regards,
Jeff Ong
IBM Toronto Lab, Toronto, CANADA
Hi,
CERT is about as official as you can get, yeah.
Yoav Shapira http://www.yoavshapira.com
-Original Message-
From: Jeff Ong [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 01, 2004 2:43 PM
To: [EMAIL PROTECTED]
Subject: How/Where do I get security advisories for tomcat
PROTECTED]
Subject: RE: How/Where do I get security advisories for tomcat ?
Hi,
CERT is about as official as you can get, yeah
Hi all,
I have problems to run jakarta-tomcat-4.1.31 with CATALINA_BASE other
than CATALINA_HOME using security.
I use startup.sh -security.
My CATALINA_HOME is /iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31
My CATALINA_BASE is /iobox/servicios/desarrollo/mms
My admin.xml
Any further thoughts on this issue? There must be some reason why this
won't run under Tomcat but does work stand-alone.
To recap, I am trying to execute the following code on an Xp box with Tomcat
5.0.27:
Process proc = runtime.exec(cmd.exe /C shutdown -r -f -m \\myPC -t 50);
int exitVal =
CATALINA_BASE and startup.sh -security
Hi all,
I have problems to run jakarta-tomcat-4.1.31 with CATALINA_BASE other
than CATALINA_HOME using security.
I use startup.sh -security.
My CATALINA_HOME is /iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31
My CATALINA_BASE is /iobox/servicios
Hi,
I am trying to run a simple exec command to open notepad with code as
follows:
Runtime runtime = Runtime.getRuntime();
Process proc = runtime.exec(C:\\WINDOWS\\system32\\notepad.exe);
This code works fine from a stand-alone program but not run under Tomcat.
I CAN successfully set the the
but not displayed on the console.
-Original Message-
From: andy wix [mailto:[EMAIL PROTECTED]
Sent: 29 November 2004 09:45
To: [EMAIL PROTECTED]
Subject: Runtime.exec security issue?
Hi,
I am trying to run a simple exec command to open notepad with code as
follows:
Runtime runtime
Hi Matt,
I have tried running the Tomcat service with 'allow service to interact with
desk top' checked in the service properties - I don't know if this should
allow Tomat to know about Windows?
Also, I don't think the application is actually getting launched as I don't
see it in the processes
You could be right. I still reckon that launching graphical programs from
tomcat is gonna be a bit dicey.
-Original Message-
From: andy wix [mailto:[EMAIL PROTECTED]
Sent: 29 November 2004 10:13
To: [EMAIL PROTECTED]
Subject: RE: Runtime.exec security issue?
Hi Matt,
I have tried
Hi,
Actually, I was assuming this was a simple example of a runitme call.
My real goal is to allow a privelidged user to re-boot the server with the
following code:
runtime.exec(cmd.exe /C shutdown -r -f -m \\myPC -t 50);
I would also like to call a couple of batch files.
These attempts have met
PROTECTED]
Sent: 29 November 2004 10:35
To: [EMAIL PROTECTED]
Subject: RE: Runtime.exec security issue?
Hi,
Actually, I was assuming this was a simple example of a runitme call.
My real goal is to allow a privelidged user to re-boot the server with the
following code:
runtime.exec(cmd.exe /C
Hi,
I've tried without the cmd.exe bit and also I have tried with the service
set to run as Administrator.
Cheers
Andy
_
Stay in touch with absent friends - get MSN Messenger
http://www.msn.co.uk/messenger
Wendy Smoak wrote:
From: Simon Tardell [EMAIL PROTECTED]
I want to deploy multiple instances of the same webapp, with different
authorization rules. However, declarative security is done in the
web.xml of which there will only be one copy (referred by multiple
contexts).
I'm confused
Simon Tardell [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Wendy Smoak wrote:
From: Simon Tardell [EMAIL PROTECTED]
I want to deploy multiple instances of the same webapp, with different
authorization rules. However, declarative security is done in the
web.xml of which
Hiya,
I want to deploy multiple instances of the same webapp, with different
authorization rules. However, declarative security is done in the
web.xml of which there will only be one copy (referred by multiple
contexts). Is it possible to impose security constraints on a web app
from
From: Simon Tardell [EMAIL PROTECTED]
I want to deploy multiple instances of the same webapp, with different
authorization rules. However, declarative security is done in the
web.xml of which there will only be one copy (referred by multiple
contexts).
I'm confused by why you say there's only
On Wed, Nov 17, 2004 at 10:58:23PM +0100, Simon Tardell wrote:
: I want to deploy multiple instances of the same webapp, with different
: authorization rules. However, declarative security is done in the
: web.xml of which there will only be one copy (referred by multiple
: contexts
PROTECTED]
Objet : Declarative security example
Hello everybody,
I'm trying to run the following test application on a Tomcat v4.1 that comes
along with JBuilder X.
web-app
servlet
servlet-nameSecureServlet/servlet-name
servlet-classSecureServlet/servlet-class
/servlet
security
Hello everybody,
I'm trying to run the following test application on a Tomcat v4.1 that comes
along with JBuilder X.
web-app
servlet
servlet-nameSecureServlet/servlet-name
servlet-classSecureServlet/servlet-class
/servlet
security-constraint
web-resource-collection
web
Thanks lot if anyone can point me in the right direction.
TC5.5.4 ( it happens to other versions)
Window XP
JAVA 1.5.0
My program runs successfully without turning on the -security, but has
the errors when it is turned on.
The errors generated look like not related to access violation because
if running tomcat5.5.4 without turning on -security, everything works
fine for jndi context mail session and DBCP.
But if -security turned on, I got the following errors.
If anyone can point to me what I missed or did wrong, greatly
appreciated.
Thanks
David
1. TC errors
access: access
David Lee wrote:
2. catalina.policy:
grant codeBase
file:${catalina.home}/webapps/javaxml2/WEB-INF/classes/UpdateItemServle
t.class {
Shouldn't you be giving those permissions (except the Oracle one :-) to
mail.jar, rather than your servlet class? That's what is actually making
the reference,
when tc security turned on then errors, if no security, it works fine, tried
everything, still has errors
Thanks for anyone who can help!!! greatly appreciated
David Lee
1. Errors:
access: access allowed (java.util.PropertyPermission line.separator read)
Nov 8, 2004 9:55:25 PM
with tomcat 4.0) where it was not necessary to modify the security
policy.
I talked to a friend of mine who also knows something about tomcat and
told me that to access a database in the same server where tomcat is, it
should not be necessary to modify the catalina.policy file.
I have some
the security
policy.
I talked to a friend of mine who also knows something about tomcat and
told me that to access a database in the same server where tomcat is, it
should not be necessary to modify the catalina.policy file.
I have some experience with tomcat but i run out of ideas and things to
try. Any
I want log4j to write its output to the webapps/[application
dir]/WEB-INF/logs directory. The log4j properties file is located in
the WEB-INF/classes directory, as specified.
Monitoring trace of log4j's process, shows log4j is unable to find
(create) the requested files.
I believe Tomcat is
for this list.
Yoav Shapira http://www.yoavshapira.com
-Original Message-
From: Lawrence J Winkler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 19, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: Tomcat security stopping log4j write to a file
I want log4j to write its output
Lawrence J Winkler wrote:
I want log4j to write its output to the webapps/[application
dir]/WEB-INF/logs directory. The log4j properties file is located in the
WEB-INF/classes directory, as specified.
Monitoring trace of log4j's process, shows log4j is unable to find
(create) the requested
-pattern
/servlet-mapping
...
!-- JAAS Security Realm config --
security-constraint
web-resource-collection
web-resource-nameSecure Struts Actions/web-resource-name
url-pattern*.sec.do/url-pattern
/web-resource-collection
auth-constraint
]
Sent: Monday, October 18, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: problem with security-constraint with Tomcat 5
I'm looking into migrating our project from Tomcat 4.1.30 to Tomcat
5.0.28.
We're also using Tiles and Struts 1.1. The problem is that Tomcat 5
seems
to be confused with a url
: problem with security-constraint with Tomcat 5
Hi,
Could this be something that changed (or rather, was clarified) in the
Servlet Spec between version 2.3 (which Tomcat 4.x implements) and 2.4
(which Tomcat 5.x implements)? ;)
Yoav Shapira http://www.yoavshapira.com
-Original Message-
From
On Mon, 18 Oct 2004 10:45:23 -0400, Mercado . Maria [EMAIL PROTECTED] wrote:
Thanks for the suggestion, Yoav. I looked but I didn't see anything that stated
that a url pattern with 2 dots is illegal.
Most systems I am aware of consider that the extension is the last
dot. Otherwise, it starts
18, 2004 7:45 AM
Subject: RE: problem with security-constraint with Tomcat 5
Thanks for the suggestion, Yoav. I looked but I didn't see anything that
stated that a url pattern with 2 dots is illegal.
- Cecile Mercado
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent
Hello
I am running apache 2.0.46 with SSL with tomcat/mod_jk2, white box
linux. I do not have tomcat running SSL on 8443.
So I have this issue with my app... I am securing my app with the
security-constraint tag in web.xml (connected to mysql backend),
it works perfectly with the url-pattern
not have tomcat running SSL on 8443.
So I have this issue with my app... I am securing my app with the
security-constraint tag in web.xml (connected to mysql backend),
it works perfectly with the url-pattern/clients.jsp/url-pattern.
clients.jsp is a https:// uri, therefore my apache SSL
Goodmorning all,
Can I set a security constraint saying that i need to protect all except a directory
or a certain file?
My folder tree is quite like this one:
myApp
|
+ - - /images/
|
+ - - /WEB-INF/
|
+ -- *.jsp files
Well, what I need is to protect all
-Original Message-
From: QM
Executables and other server-side dynamic content( CGI,
servlets/JSPs, PHP, etc) permit end-users to interact with
the server in a different
way: they must process user input, and in doing so, watch
out for malformed values.
Hi,
I'm using mySQL for login name, password validation.
This from a standard html static page.
I can't see how I can get to this data to validate it?
Is it possible?
On a standard HTML static page you can use JavaScript for form field
validation and not even submit the form if the inputs
-Original Message-
From: Shapira, Yoav
I'm using mySQL for login name, password validation.
This from a standard html static page.
I can't see how I can get to this data to validate it?
Is it possible?
On a standard HTML static page you can use
Hi,
form method=POST action=j_security_check name=login
Which I'm guessing is picked up by Tomcat,
though I don't know how to 'add checking to it'?
Any advice appreciated, since I'd prefer java to jscript!
If you're trusting the container, trust it ;) You're depending on the
container to auth
t; They go on to suggest various
precautions that will reduce the risk.
This has me wondering if servlets are equally insecure or have a much
stronger security model. I also have Jason Hunter's 'Java Servlet Programming
(Second Edition)' which has a 30 page chapter on Security that details how
var
from external threats is CGI scripts. They go on to suggest various
: precautions that will reduce the risk.
:
: This has me wondering if servlets are equally insecure or have a much stronger
: security model.
The authors of that book may have said CGI but what they probably
meant, in a larger
Hi,
I'd say it's easier to expose security flaws with CGI scripts than it is with
Servlets, and vice versa it's easier to configure a secure environment for Servlets
than it is for CGI scripts.
That's not the same as saying Servlets are more secure than CGI. I don't think such
a categorical
Rhino wrote:
/* others having responded to the first issue(s), I'll just confine
myself to this one :-) */
is anyone aware of a wiki
that runs as a servlet, preferably open source?
You might look at JSPWiki -- http://www.jspwiki.org/
FWIW!
--
Hassan Schroeder -
Hi -- With tomcat 5.0.16, I could write into that directory (Windows),
But with tomcat 5.0.27, I can no longer do so. I've tried all sorts of stuff in
catalina.policy, but I still cannot configure it such that I can write my own log file
into the logs directory.
Thanks
Betty
To: Tomcat Users List
Subject: Re: Application-level security
Chris,
The August 2003 Java Developer's Journal (vol 8 issue 8) has an
article you might want to take a look at: ActiveAuthentication -
Extending J2EE form-based authentication by Thomas Beck;
http://www.sys-con.com/java/article.cfm?id
path will be
http://localhost/repository/upload/index.html
I want to have different security requirements for upload
and search.
If I have the security constraint on repository defined with
url-pattern of /*, I'm thinking that will cover all the
descendents
-Original Message-
From: Ruth, Brice
The security constraint is based on the actual URL
requested, not the resource that is being accessed. So, if
you're accessing:
http://my.host.com/ - and its actually loading
http://my.host.com/repository/index.jsp
understand you correctly,
when I browse to http://localhost/repository/index.jsp
my uril-pattern should be
security-constraint
web-resource-collection
web-resource-nameRead-WriteArea/web-resource-name
url-pattern/repository/*/url-pattern
I have other (html files) in
/webapps
/repository
In my applications web.xml I have
security-constraint
web-resource-collection
web-resource-nameRead-WriteArea/web-resource-name
description accessible by users of all roles/description
url-pattern/*/url-pattern!-- was /* --
http-methodGET/http-method
http
[EMAIL PROTECTED] wrote:
In my applications web.xml I have
security-constraint
web-resource-collection
web-resource-nameRead-WriteArea/web-resource-name
description accessible by users of all roles/description
url-pattern/*/url-pattern!-- was /* --
http-methodGET/http
(1) When using a SecurityManager, all permissions are managed globally
in two senses. They're granted in a single policy file,
conf/catalina.policy and they pertain to all installed webapps.
(2) FilePermission can't be relative to the root of a particular webapp.
That is my current
What do I have misconfigured to cause this security violation? I am
using -security to start a security manager and the page is https secure.
Using TC 5.0.27 on Redhat Linux, I received the following error in
catalina.out:
StandardClassLoader: Security Violation, attempt to use Restricted Class
I am running Tomcat4.1.30 on windows 2000, with security option turned on.
My java application which is using JDK 1.4, connects to the the credit card
authorizing company called verisign, and returns the approval authorization
code.
I have installed the digital certificate on $TOMCAT_HOME\certs
Our application has several catalina engines embedded in it and I am trying to
determine if it makes sense or is even possible to use the catalina security manager
in this setting. Specifically, what takes the place of the '-security' switch on
tomcat in an embedded scenario?
BH
Bill Hughey a écrit :
Our application has several catalina engines embedded in it and I am trying to
determine if it makes sense or is even possible to use the catalina security manager
in this setting. Specifically, what takes the place of the '-security' switch on
tomcat in an embedded
Hi.
I am running jakarta catalina version 5.0.27 on windows and I wanna remove anonymous
access to port 80 and I wanna integrate security to validate on LDAP ( windows 2000
ADS - primary domain control ).
I am used to do that on IIS.
Can anyone give me hints about this.
Thanks in advance
On Fri, Aug 20, 2004 at 09:45:05AM -0300, Ricardo Souza wrote:
: I am running jakarta catalina version 5.0.27 on windows and I wanna remove
: anonymous access to port 80 and I wanna integrate security to validate on LDAP
: ( windows 2000 ADS - primary domain control ).
: I am used to do
Subject: Container managed security in tomcat 5.x, need j_password in
struts web app, ServletFilter or IntermediateServlet?
Background:
=
I'm writing a web front-end to a back-end system which has 1000 user
accounts and each user has different rights (ACIs, ACLs) in that back-end
(think
It sounds like you'll need to create your own realm. You might be able to
extend JNDIRealm.
You cannot run filters on /j_security_check. The spec says so. Websphere
might allow it - but tomcat doesn't.
-Tim
[EMAIL PROTECTED] wrote:
the
security requirements of
this web-app.
I've searched the Java Servlet Specification v.2.4
http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html
but haven't found a place where applying ServletFilters to
/j_security_check is forbidden.
Could you please provide me with an pointer
has no access to the users session.
So I can't get the password from the realm.
I could of course write the password as cleartext or obscured code in my
own Realm to an external
data store. But I don't want that. It's dirty and unsafe and against the
security requirements of
this web-app.
I've
Thanks again Tim Funk. Your answer is another solution I didn't think of
and it sounds standard conform and secure and clean to me.
I'll develop my own JNDIRealm / JAASRealm and my own
Principal, so I get not only the name and roles of the user out of the
directory
but every other information
Your suggestion work perfectly
Thank you very much.
Fabian
Bill Barker wrote:
You simply need to have two security-constraints: One looks like below, and
the other has url-pattern/*/url-pattern, and doesn't have an
auth-constraint.
[EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I need
I need help to configure a secure application.
I'm trying to request a client certificate in one page only (the rest should
be accesible without presenting a certificate) and force to use SSL in the
entire application.
I put the following in the web.xml
security-constraint
web
in the
entire application.
I put the following in the web.xml
security-constraint
web-resource-collection
web-resource-namecertificates/web-resource-name
url-pattern/certificates/add.action/url-pattern
http-methodGET/http-method
http-methodPOST
the following in the web.xml
security-constraint
web-resource-collection
web-resource-namecertificates/web-resource-name
url-pattern/certificates/add.action/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web
You simply need to have two security-constraints: One looks like below, and
the other has url-pattern/*/url-pattern, and doesn't have an
auth-constraint.
[EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I need help to configure a secure application.
I'm trying to request a client
Hello, how are you?
I need help to configure a secure application.
I am trying to request client certificate in only one page and force to
use SSL in the entire application.
I put the following in the web.xml
security-constraint
web-resource-collection
web-resource
. (503)8859011
-Original Message-
From: Eugene [mailto:[EMAIL PROTECTED]
Sent: Viernes, 13 de Agosto de 2004 09:47 p.m.
To: Tomcat Users List
Subject: [tomcat] Help with mod_jk2 and security on Win 2003
Hi to all! First of all - thank you for this list! It helps to individuals
like I am
Echeverría
[EMAIL PROTECTED]
Tel. (503)8859011
-Original Message-
From: Eugene [mailto:[EMAIL PROTECTED]
Sent: Viernes, 13 de Agosto de 2004 09:47 p.m.
To: Tomcat Users List
Subject: [tomcat] Help with mod_jk2 and security on Win 2003
Hi to all! First of all - thank you
-
From: Eugene [mailto:[EMAIL PROTECTED]
Sent: Sábado, 14 de Agosto de 2004 03:53 p.m.
To: Tomcat Users List
Subject: Re[2]: [tomcat] Help with mod_jk2 and security on Win 2003
Thank you for reply! Yes its working on 8080, and its working if I am
running just Tomcat without Apache, I am deploying
de Agosto de 2004 03:53 p.m.
To: Tomcat Users List
Subject: Re[2]: [tomcat] Help with mod_jk2 and security on Win 2003
Thank you for reply! Yes its working on 8080, and its working if I am
running just Tomcat without Apache, I am deploying it in the webapp/myapp
folder of TC. I've tryed to run
/servlet-mapping
2) The second question is about security - I am running my server under
the second administrator account with reassigned rights (so its not
administrator anymore but it has more power then advanced user which is not
enough for me). So the question is - does anybody can
/servlet-mapping
2) The second question is about security - I am running my server under
the second administrator account with reassigned rights (so its not
administrator anymore but it has more power then advanced user which is not
enough for me). So the question is - does anybody can
for your help.
-Original Message-
From: Isen,Ciji [mailto:[EMAIL PROTECTED]
Sent: Monday, August 09, 2004 5:00 PM
To: Tomcat Users List
Subject: Re: Tomcat and Apache Axis Security
Have you tried access it from the Principal.
GenericPrincipal p = (GenericPrincipal
We use single sign for our Tomcat applications. We have another Tomcat that
hosts various web services. I would like to be able to send the logged on
users name and password as credentials to the web service and have Tomcat
authenticate it. I have tested this part with a hardcoded user name and
Have you tried access it from the Principal.
GenericPrincipal p = (GenericPrincipal)request.getUserPrincipal();
String uid = p.getName();
String passwd = p.getPassword();
Srofe, Douglas (c) wrote:
We use single sign for our Tomcat applications. We have another Tomcat that
hosts various web
Hi,
Could the tomcat-user subscriber at this domain (talisentech.com) please
tell me what prohibited content my message contained, and if it did
not contain any, please properly configure their mail security program?
Thanks,
Frans
[EMAIL PROTECTED] wrote:
Subject of the message: Re: Mysterious
I'm experiencing this same issue. I've got Tomcat 5.0.27, Apache 2.0.46,
and jk2 version 2.0.4. Has there been any solution? It occurs primarily
under heavy load.
-Joshua Szmajda
We've got a similar issue, though this in on Linux and using channelUnix/JNI instead
of normal tcp channelSocket.
I'm experiencing this same issue. I've got Tomcat 5.0.27, Apache 2.0.46,
and jk2 version 2.0.4. Has there been any solution? It occurs primarily
under heavy load.
-Joshua Szmajda
We've got a similar issue, though this in on Linux and using channelUnix/JNI instead
of normal tcp channelSocket.
201 - 300 of 1624 matches
Mail list logo
