Cool. Was just writing a response about the headers tomcat adds when
using a security restraint. But you've already worked it out...
I've only seen the problem when using IE with SSL + security constraint
but i guess it's more of a general problem. :(
Jon
Rob Tomlin wrote:
ah t
> ah the old IE + SSL + cacheing problem ;)
This seems to solve the problem:
response.setHeader("Cache-Control", "public");
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
> ah the old IE + SSL + cacheing problem ;)
I am not using SSL,
I haveadding the suggested code it does not
solve the problem...
Cheers
Rob
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
ah the old IE + SSL + cacheing problem ;)
Try adding:
final String userAgent = request.getHeader("user-agent");
if (response.containsHeader("Pragma")
&& userAgent!=null
&& userAgent.toUpperCase().indexOf("MSIE")>-1) {
response.setHeader("Pragma", "public");
}
Solved it for us.
Jon
R
Hi,
I have a serlvet that is used to download a file to the client.
I am using Tomcat 4.1.24, with IE6.
All is fine when no is applied in the deployment
descriptor, but when I introduce such a constraint the file cannot be
downloaded. I recieve the error:
Internet Explorer cannot download serv
bert Priest [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 12:13 PM
> To: 'Tomcat Users List'
> Subject: RE: Session\Security Checking
>
>
> Ok. thanks.
>
> Do you have any links to the proper documentation for doing this?
>
> When you sa
27;Tomcat Users List'
Subject: RE: Session\Security Checking
If you've already implemented your own access control, then certainly it
might be more feasible to extend that to this set of pages. A filter
might be the best, if you can use a 2.3 compliant container.
The filter would simp
#x27;Tomcat Users List'
> Subject: RE: Session\Security Checking
>
>
> But I still need to change how my user are authenticated,
> correct. I now need to handle that authentication through the
> realm instead of a Form on our page now, right?
>
> -Original Message
Robert Priest wrote:
the URL for the download will contain a session id for the user. So if you
will allow me to modify my example:
Say user A logs in and has a session id of "1" and wants to download
abc.jar. He will be redirected to the url:
http://localhost/myservlet/downloaddir/1/abc.jar
now
Users List'
Subject: RE: Session\Security Checking
I think using a realm and simply setting up /downloaddir/* as a
'protected resource' is the way to go. The functionality you're looking
for has already been implemented by Container-Managed Auth.
Also.. if you use a container AU
n the URL. The mere presence of a session will prove that
your user is "logged in and authenticated".
> -Original Message-
> From: Robert Priest [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 11:25 AM
> To: 'Tomcat Users List'
> Subject
bc.jar
he\she will get an access denied.
Is that more understandable?
We are trying to prevent cutting and pasting of urls.
We are mainly concerned with just providing\denying access to this directory
and not security to an entire web application where I think the REALM would
be more a
ercept any request to that "downloaddir"
and perform session\security checking (by another servlet or jsp page)
before allowing access...
Now, is adding additional servlet\jsp the best way to go about this, or is
there a better way through Tomcat c
t/downloaddir/abc.jar";), I want to make sure that
you have a valid session id. If your
session id is invalid, you get an access denied page. if not, a http
download is started.
so I guess what I want is to intercept any request to that "downloaddir"
and perform session\security checkin
I want to make sure that
you have a valid session id. If your
session id is invalid, you get an access denied page. if not, a http
download is started.
so I guess what I want is to intercept any request to that "downloaddir"
and perform session\security checking (by another servlet
http://jakarta.apache.org/tomcat/faq/misc.html#error
-Tim
Māris Orbidāns wrote:
Hello
How can I change standard Tomcat error page ?
It prints Tomcat version and our auditors said it might be a security issue.
I have servlets and JSP pages in my app. I have error-page directive in all JSP
Hello
How can I change standard Tomcat error page ?
It prints Tomcat version and our auditors said it might be a security issue.
I have servlets and JSP pages in my app. I have error-page directive in all JSP pages,
however in case of
Null Pointer Exception it's seems not working.
tha
ocket. It this a known bug?
Regards,
Thomas
-Ursprüngliche Nachricht-
Von: Tim Funk [mailto:[EMAIL PROTECTED]
Gesendet am: Dienstag, 15. Juli 2003 13:02
An: Tomcat Users List
Betreff: Re: Tomcat 4.1.24 + Security Manager + weird Exceptions
- man ulimit
- Google (java "Too many open file
We've got a similar issue, though this in on Linux and using channelUnix/JNI instead
of normal tcp channelSocket.
We're using Apache2/mod_jk2 (built from tomcat-connectors-1.1M1).
On heavy load, there are over 3000 sockets open by one Tomcat/JVM, they don't seem to
go down again too while Tomcat
stag, 15. Juli 2003 13:02
> An: Tomcat Users List
> Betreff: Re: Tomcat 4.1.24 + Security Manager + weird Exceptions
>
> - man ulimit
> - Google (java "Too many open files" solaris)
>
> -Tim
>
> Haug Thomas wrote:
> > Hi everybody,
> >
> > I
Tomcat as a
service, but not with security or the additional cleanup I require. Does
anybody know how to go about this? Any information in this regard is highly
appreciated.
Thanks
-Manoj.
and DON'T use it.
Fifth, use the security manager.
Sixth, don't put ANYTHING confidential in a JSP...move it (like a database
connection URL, a username, or a password) to web.xml or server.xml, or a
properties file under WEB-INF.
Seventh, if you really want to obscure paths when p
- man ulimit
- Google (java "Too many open files" solaris)
-Tim
Haug Thomas wrote:
Hi everybody,
I am experiencing some strange behaviour with Tomcat 4.1.24 running with a
SecurityManager. The system is running on Solaris 8 using Jdk 1.4.1_02
and/or 1.4.2
Our software seems to use up all availabl
Hi everybody,
I am experiencing some strange behaviour with Tomcat 4.1.24 running with a
SecurityManager. The system is running on Solaris 8 using Jdk 1.4.1_02
and/or 1.4.2
Our software seems to use up all available file descriptors. If then tomcat
tries to accept a new request the IO system throw
ave an index.jsp.
Thanks.
- Original Message -
From: "Reginald Oake" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Monday, July 14, 2003 5:58 PM
Subject: Re: Newbie question on Tomcat security
> Hi.
>
> I'm not certain abou
type in the
> path on the browser to access my files.
>
> What kind of security that I should set up for that?
> I am pretty new to Tomcat so I need help.
>
> By the way, my OS is Windows 2000 Pro.
>
> Any help will be very much appreciated.
>
> _
Hi.
I don't know if this will be helpful but I have heard of people putting
their JSPs and other ancilliary files inside the WEB-INF directory. I'm
not sure what you have to do to make this work but it may well be worth
looking into.
Reg
CTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Monday, July 14, 2003 5:58 PM
Subject: Re: Newbie question on Tomcat security
> Hi.
>
> I'm not certain about this but it seems to me that it would be next to
> impossible to keep the html source from be
lf, pose a security risk.
Thanx
Reg
On Mon, 2003-07-14 at 15:49, substring wrote:
> Hello All,
>
> I just developed a JSP application called myapp,
> running on Tomcat 4.1.24. How can I keep people from
> accessing my files under /webapps/myapp? For
> example, people can d
access my files.
What kind of security that I should set up for that?
I am pretty new to Tomcat so I need help.
By the way, my OS is Windows 2000 Pro.
Any help will be very much appreciated.
_
Help STOP SPAM with the new MSN 8 and ge
to access my files.
What kind of security that I should set up for that?
I am pretty new to Tomcat so I need help.
By the way, my OS is Windows 2000 Pro.
Any help will be very much appreciated.
__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per m
http://www.hexworx.com
- Original Message -
From: "Susan Hoddinott" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, July 04, 2003 1:15 PM
Subject: Re: Compensating for applet security restrictions
> Hello,
>
> I have
am
doing. The first applet just takes parameters and either runs the program
as an applet or an application but the security which is inherited appears
to be that for an applet in either case?
Regards,
Susan Hoddinott
http://www.hexworx.com
- Original Message -
From: "Atreya
ds for SSL are stored in the clear. That
> places all responsibility of security to the OS, which may not be a good
> idea. What happened to defense-in-depth ??
>
> Nathan McMinn wrote:
>
> >When was the last time Tomcat had a published exploit?
> >
> >On a rela
-07-03 at 14:23, Nathan McMinn wrote:
> What do you mean "stored in the clear"? Are you referring to
> tomcat-users.xml? Personally, I use a MySQL database to hold auth
> information for a JDBC Realm, and store them digested. As an additional
> layer of security, the user a
What do you mean "stored in the clear"? Are you referring to
tomcat-users.xml? Personally, I use a MySQL database to hold auth
information for a JDBC Realm, and store them digested. As an additional
layer of security, the user account that is used to access the DB for the
realm is on
I can't believe that passwords for SSL are stored in the clear. That
places all responsibility of security to the OS, which may not be a good
idea. What happened to defense-in-depth ??
Nathan McMinn wrote:
When was the last time Tomcat had a published exploit?
On a related note, these
o: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 11:13 AM
Subject: Re: Tomcat security?
AFAIK, November 2002.
John
On Thu, 3 Jul 2003 11:14:26 -0500, Nathan McMinn <[EMAIL PROTECTED]>
wrote:
> When was the last time Tomcat had a published expl
Any idea what it was and/or what versions it affected?
- Original Message -
From: "John Turner" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 11:13 AM
Subject: Re: Tomcat security?
>
> AFAIK, Novem
l activity.
--Nathan
- Original Message -
From: "Eugene Lee" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 10:51 AM
Subject: Tomcat security?
Anyone want to discuss hardening Tomcat servers?
Hacking Contest Thr
s Web Sites
By George V. Hulme, InformationWeek
Updated Wednesday, July 2, 2003, 3:00 PM EDT
A hacking contest slated for this weekend could produce a rash
of Web-site defacements worldwide, according to a warning issued
Wednesday by security companies and governme
Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 10:51 AM
Subject: Tomcat security?
> Anyone want to discuss hardening Tomcat servers?
>
> Hacking Contest Threatens Web Sites
>
> By George V. Hulme, InformationWeek
> Updated Wednesday, July 2, 2003
hacking contest slated for this weekend could produce a rash
of Web-site defacements worldwide, according to a warning issued
Wednesday by security companies and government Internet security
groups. The hacker defacement contest is expected to kick off
on Sunday. The
worldwide, according to a warning issued
Wednesday by security companies and government Internet security
groups. The hacker defacement contest is expected to kick off
on Sunday. The contest supposedly will award free hosting
services, Web mail, unlimited E-mail
al Message -
From:
Susan Hoddinott
To: Tomcat Users List
Sent: Thursday, July 03, 2003 12:35
AM
Subject: Compensating for applet security
restrictions
Hello,
I currently have a JSP with an APPLET tag (including EMBED and OBJECT
references) which runs a JAR file loc
-Original Message-
From: Susan Hoddinott [mailto:[EMAIL PROTECTED]
Sent: July 3, 2003 2:35 AM
To: Tomcat Users List
Subject: Compensating for applet security restrictions
Hello,
I currently have a JSP with an APPLET tag (including EMBED and OBJECT
references) which runs a JAR file
Hello,
I currently have a JSP with an APPLET tag (including EMBED and OBJECT
references) which runs a JAR file located on my server. The program runs
fine but because the APPLET is run by the Java plug-in whenever it needs to read
or write data it attempts to read or write the data from or
Can somebody point me to a guide that has a good example on adding SSL
to a webapp (or possible a few), but not allowing other webapps to be
accessed via port 80 (unsecure port)?
_
Jeremy Nix
Senior Application Developer
Southwest Financial Ltd.
[EMAIL PROTECTED]
(513) 621-6699 ext
Another comment, grant codeBase will not accept !, check
${java.home}/docs/guide/security/permissions.html or api javadoc. You have
to use
- file:${path}/- for all classes and jars in this dir and subdirs;
- file:${path}/* for all classes and jars in this dir;
- file:${path}/my.jar for this jar
If you grant resolve to jdbc jar, then you don't need to specify the ip in
the url, use host.domain:port
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: June 24, 2003 5:57 PM
To: [EMAIL PROTECTED]
Subject: Tomcat 4.1.24 Security
I am in the proce
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 24, 2003 4:57 PM
> To: [EMAIL PROTECTED]
> Subject: Tomcat 4.1.24 Security
>
> that the dbcp code had tried 3 times to load before it gave up.
This makes me think all
ccess the "test" data base server. I
get a security error message - as I expected. Looking thru all of the documentation I
could find - I discovered that I needed to add a grant statement to the
catalina.policy file pointing to the codeBase for my JDBC driver.
(as an aside, I am uncer
Look at the documentation for SingleSignonValve.
"martin(Feng-Chang)" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Dear all:
I have two web applications named "homepage" and "login".
Application "login" is for authenticate users.
nk.do?... first, I got this error.
I looked into catalina.out, there was no permission exception.
-Original Message-
From: Jean-Francois Arcand [mailto:[EMAIL PROTECTED]
Sent: June 23, 2003 4:42 PM
To: Tomcat Users List
Subject: Re: [REPOST]Tomcat with security manager + NoClassDefFoundErro
---
From: Jason Bainbridge [mailto:[EMAIL PROTECTED]
Sent: June 23, 2003 3:48 PM
To: Tomcat Users List
Subject: Re: [REPOST]Tomcat with security manager + NoClassDefFoundError
Was just doing a bit of reading:
http://jakarta.apache.org/struts/userGuide/installation.html
Running Struts Applications U
omcat with security manager + NoClassDefFoundError
Was just doing a bit of reading:
http://jakarta.apache.org/struts/userGuide/installation.html
Running Struts Applications Under A Security Manager
Many application servers execute web applications under the control of a
Java
security man
Was just doing a bit of reading:
http://jakarta.apache.org/struts/userGuide/installation.html
Running Struts Applications Under A Security Manager
Many application servers execute web applications under the control of a Java
security manager, with restricted permissions on what classes in the
[mailto:[EMAIL PROTECTED]
Sent: June 23, 2003 2:53 PM
To: Tomcat Users List
Subject: Re: [REPOST]Tomcat with security manager + NoClassDefFoundError
What other struts.jar files have you got laying around? Have you maybe got
one
in common/lib? I'm not sure why setting a grant like that would m
Howdy,
Is your catalina.policy the default or modified?
Yoav Shapira
Millennium ChemInformatics
>-Original Message-
>From: Phillip Qin [mailto:[EMAIL PROTECTED]
>Sent: Monday, June 23, 2003 3:10 PM
>To: 'Tomcat Users List'
>Subject: RE: [REPOST]Tom
tomcat
classloader should take care of them.
To Yoav:
I start Tomcat with -security option. Tomcat will use Catalina.policy to
manage the permissions. I don't use JAAS or realm at all (realms were
cleaned up in server.xml).
-Original Message-
From: John Turner [mailto:[EMAIL PROT
Subject: Re: [REPOST]Tomcat with security manager + NoClassDefFoundError
On Tue, 24 Jun 2003 02:41, Phillip Qin wrote:
I solved this problem by including a grant entry
grant codeBase "file:${catalina.home}/webapps/myapp/WEB-INF/struts.jar"
{
permission java.security.AllPermission;
};
Why
Jason Bainbridge [mailto:[EMAIL PROTECTED]
>Sent: Monday, June 23, 2003 2:53 PM
>To: Tomcat Users List
>Subject: Re: [REPOST]Tomcat with security manager + NoClassDefFoundError
>
>What other struts.jar files have you got laying around? Have you maybe got
>one
>in common/lib?
---Original Message-
> From: Jason Bainbridge [mailto:[EMAIL PROTECTED]
> Sent: June 23, 2003 2:44 PM
> To: Tomcat Users List
> Subject: Re: [REPOST]Tomcat with security manager + NoClassDefFoundError
>
> On Tue, 24 Jun 2003 02:41, Phillip Qin wrote:
> > I solved this p
Good eye, Jason.
John
On Tue, 24 Jun 2003 02:43:59 +0800, Jason Bainbridge <[EMAIL PROTECTED]>
wrote:
On Tue, 24 Jun 2003 02:41, Phillip Qin wrote:
I solved this problem by including a grant entry
grant codeBase "file:${catalina.home}/webapps/myapp/WEB-INF/struts.jar"
{
permission java.secu
Typo, it is WEB-INF/lib.
When there is no grant entry for this jar, tomcat throws
"NoClassDefFoundError".
-Original Message-
From: Jason Bainbridge [mailto:[EMAIL PROTECTED]
Sent: June 23, 2003 2:44 PM
To: Tomcat Users List
Subject: Re: [REPOST]Tomcat with securi
On Tue, 24 Jun 2003 02:41, Phillip Qin wrote:
> I solved this problem by including a grant entry
>
> grant codeBase "file:${catalina.home}/webapps/myapp/WEB-INF/struts.jar" {
> permission java.security.AllPermission;
> };
Why isn't it in WEB-INF/lib ? That is probably why you had to add that gra
permission java.security.AllPermission;
};
But I am wondering if this AllPermission is secure enough or I am opening
more holes.
-Original Message-
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: June 23, 2003 2:34 PM
To: Tomcat Users List
Subject: Re: [REPOST]Tomcat with securi
by struts. If I start Tomcat
without security manager, everything works fine. I can access
https://myhost.mydomain.com/myapp/mylink.do?myparam=myvalue.
After I start Tomcat -security and access the above link, I got the
following error. There is an index.jsp. When some one type
https://myhost.myd
Don't know if this mailing list filters my post, try it again.
I am frustrated. I have a webapp developed by struts. If I start Tomcat
without security manager, everything works fine. I can access
https://myhost.mydomain.com/myapp/mylink.do?myparam=myvalue.
After I start Tomcat -securit
boss Mailing List'
>Subject: Container managed security
>
>Hi All,
>
>May i know is it possible to have more than one login config for a
>single container. Says i have 2 applications running on different
>context; APP1 and APP2 both of them using container managed securi
Dear all:
I have two web applications named "homepage" and "login".
Application "login" is for authenticate users.
How those two web applications share security realms?
I found if i define and tags for homepage/web.xml
and login/web.xml,
I access to http://my
Hi All,
May i know is it possible to have more than one login config for a
single container. Says i have 2 applications running on different
context; APP1 and APP2 both of them using container managed security.
But required seperate login credential. Can i mantain 2 or more set of
users and
Hi,
My question is regarding using Tomcat (4.1.18) container security, with using a
JDBCRealm along with a security constraint for FORM type loggin in. Ok, before I start
confusing myself and you, let me be more clear.
I'm using Tomcat with win2k pro, and currently the system is running
Thanks!
The SingleSignOn valve works like a charm!
-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Wednesday, June 18, 2003 1:02 AM
To: [EMAIL PROTECTED]
Subject: Re: problems with web.xml and security
Now we are getting somewhere ;-).
If you
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
> Sent: Tuesday, June 17, 2003 11:46 PM
> To: [EMAIL PROTECTED]
> Subject: Re: problems with web.xml and security
>
> and are optional elements. If you
> don't
> need them, then they don't have to be there.
>
> If
PROTECTED] On Behalf Of Bill Barker
Sent: Tuesday, June 17, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: Re: problems with web.xml and security
and are optional elements. If you
don't
need them, then they don't have to be there.
If you remove the , then the rest of what is posted of
yo
llowed the order as it is in the tutorial.
> Even removing , /secure/* is not authenticated and /*
> is.
>
> -- Rosaria
>
>
> -Original Message-
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
> Sent: Tuesday, June 17, 2003 8:16 PM
> To: [EMAIL
, 2003 8:16 PM
To: [EMAIL PROTECTED]
Subject: Re: problems with web.xml and security
If you check your log files, you should see that it doesn't like your
web.xml file because comes after and
before (which both come before ).
Tomcat 4.x is picky about enforcing the order of elements in
ssing Tomcat's security checks). If it works, this is probably the
easiest.
Otherwise you probably would need to plug in your own custom Authenticator
that would be smart enough to un-secure some configured set of URLs.
"Bob Damato" <[EMAIL PROTECTED]> wrote in message
news:[E
gt; -- Rosaria
>
> PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> "http://java.sun.com/dtd/web-app_2_3.dtd";>
>
>
> ...
>
>
>
>
> Secure Pages
> Security constraint on all files
> /*
>
]
Sent: Tuesday, June 17, 2003 3:52 PM
To: Tomcat Users List
Subject: Re: problems with web.xml and security
You need 2 web.xml files.
In / (or ROOT) for the context that maps to
http://my.domain.com/
and in the web application defined by the context /secure
which may be in the subdirectory
/server.xml point to the
appropriate web application.
This will map to http://my.domain.com/secure
Remember, we're talking about web applications, and *not*
directories.
So, in the web application that you have defined to be
the context /secure, put the security constraint of /*
That will app
I include /secure in the root web application?
Thanks
-- Rosaria
-Original Message-
From: Jon Eaves [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 3:04 PM
To: Tomcat Users List
Subject: Re: problems with web.xml and security
Rosaria Silipo wrote:
> Thanks Carl,
>
&g
Unbelieveable to say. It works!
Do you have an explanation for this?
Thanks
-- Rosaria
-Original Message-
From: Carl Walker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 1:25 PM
To: Tomcat Users List
Subject: Re: problems with web.xml and security
What happens when you take
Rosaria Silipo wrote:
Thanks Carl,
Yes, I tried to see /secure as first thing and I can see it without
authentication.
I tried to close browser and restart it and I still could see it.
Maybe the problem is on the web.xml of /secure. Is it possible?
-- Rosaria
If I'm reading your sentence correctl
is on the web.xml of /secure. Is it possible?
>
> -- Rosaria
>
> -Original Message-
> From: Carl Walker [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 17, 2003 12:56 PM
> To: Tomcat Users List
> Subject: Re: problems with web.xml and security
>
> I just teste
:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 12:56 PM
To: Tomcat Users List
Subject: Re: problems with web.xml and security
I just tested this and wasn't able to see /secadmin without logging-on.
Are
you closing the browser (possible including mail clients) between
trials?
If you go from hi
Security for the site I'm working with was originally done via IPlanet's
internal security. I'd like to move to using the webapp security in
Tomcat. Under iPlanet, the security was set up with the entire site - /*
- being secured, then specific uri's were explicitly decl
.
>
> -- Rosaria
>
> -Original Message-
> From: Carl Walker [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 17, 2003 11:37 AM
> To: Tomcat Users List
> Subject: Re: problems with web.xml and security
>
> In which way doesn't it work? Are you prohibited from view
: Tomcat Users List
Subject: Re: problems with web.xml and security
In which way doesn't it work? Are you prohibited from viewing the files
after logging in or can you see the files even if you haven't
authenticated?
-Carl
Rosaria Silipo wrote:
> Hi,
>
> I am trying to set up
?
>
> Thanks for any help
>
> -- Rosaria
>
> PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> "http://java.sun.com/dtd/web-app_2_3.dtd";>
>
>
> ...
>
>
>
>
> Secure Pages
> Security constrain
com/dtd/web-app_2_3.dtd";>
...
Secure Pages
Security constraint on all files
/*
/secure/*
POST
GET
admin can login
admin
SSL not required
NONE
30
FORM
default
/LoginForm.html
/Logi
ike /secure/*.
Have you have ever seen this problem before?
Thanks for any help
-- Rosaria
http://java.sun.com/dtd/web-app_2_3.dtd";>
...
Secure Pages
Security constraint on all files
/*
/secure/*
POST
GET
admin can login
admin
Thanks John - solved.
-Original Message-
From: John Rishea [mailto:[EMAIL PROTECTED]
Sent: 14 June 2003 16:46
To: Tomcat Users List
Subject: RE: security constraint & web.xml
Euan,
If you look at the DTD 2.3 specs, the and
entries have to be placed after the entries. It&#x
EMAIL PROTECTED]
Sent: Saturday, June 14, 2003 9:41 AM
To: '[EMAIL PROTECTED]'
Subject: security constraint & web.xml
The security constraint I am adding is screwing up my web.xml. After adding
the contraint tomcat cannot find my taglibs. Any ideas? (web.xml below)
Thanks,
Euan
The security constraint I am adding is screwing up my web.xml. After adding
the contraint tomcat cannot find my taglibs. Any ideas? (web.xml below)
Thanks,
Euan
http://java.sun.com/dtd/web-app_2_3.dtd";>
TestOnline
Build of Test
webmaster
[EMAIL P
of course yes
i start tomat with -security and -Djava.security.debug=access,failure for trace
else no security exception
At 15:16 2003-06-10 -0400, you wrote:
Did you start tomcat with start security? If not, some else messed up.
-Original Message-
From: Maxime Colas des Francs [mailto
Did you start tomcat with start security? If not, some else messed up.
-Original Message-
From: Maxime Colas des Francs [mailto:[EMAIL PROTECTED]
Sent: June 10, 2003 3:23 PM
To: [EMAIL PROTECTED]
Subject: tomcat security
Hi,
Is there a typical security configuration for a web
Hi,
Is there a typical security configuration for a web application in
catalina.policy ?
I have a lot of
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
and i don't understand where it comes fro
:
Is there a mailing list for security warnings for tomcat?
Are there any security issues in a default tomcat install ?
Ciao
Jens Skripczynski
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
601 - 700 of 1663 matches
Mail list logo
