ssl, verisign, no common encryption algorithm

2004-05-24 Thread Michael E. Allen
Greetings! I am running tomcat 4.1.27 and having trouble importing a global id certificate from Verisign. My server works fine with a self-generated certificate, but as soon as I replace my self signed certificate with the one from Verisign, I get a message from firefox that it is unable to co

restricting access to jsp pages

2004-01-14 Thread Michael E. Allen
Greetings! I am using struts 1.1 with Tomcat 4.1. I want to disallow a user to get direct access to my static pages. That is, if the user types a url that ends in anything but ".do", I want them redirected to "/Welcome.do". On the other hand, I want to be able to access jsp pages and such vi

Re: restricting access to jsp pages

2004-01-15 Thread Michael E. Allen
Ben Souther wrote: Hiding the JSPs is easy. Put them under the WEB-INF directory. Ok... but then how do I access the jsp pages? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: restricting access to jsp pages

2004-01-15 Thread Michael E. Allen
Andres Ledesma wrote: Hi, I have not much experience with jsp, but I do not think this is the right way of doing that, your app have not to be inside WEB-INF. To prevent people accessing your pages, you check the user session, if for example, this pages can be view only by registered users o

Re: restricting access to jsp pages

2004-01-15 Thread Michael E. Allen
[EMAIL PROTECTED] wrote: A trivial solution is to store something (anything) in the user session during login, and then retrieve it in the JSP. If the retrieved value is not null, then the user is logged in. If the user is not logged in, you can redirect him to the login or an error page. Of co

Re: restricting access to jsp pages

2004-01-15 Thread Michael E. Allen
response is required. b. -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Michael E. Allen Sent: Thursday, January 15, 2004 10:07 AM To: [EMAIL PROTECTED] Subject: Re: restricting access to jsp pages [EMAIL PROTECTED] wrote: A trivial solution is to store something

assume browser uses cookies from the beginning... how?

2004-01-27 Thread Michael E. Allen
From what I understand, the container sends both a cookie and appends "?JSESSIONID=" to the url the first time is send a url to a browser. On subsequent calls, the url is not rewritten if the browser uses cookies. I need to shut off that url rewrite on the first call. Is there a way to

tomcat 4.1.29 in SSL mode on AIX 5; Algorithm SunX509 not available

2003-11-21 Thread Michael E. Allen
Greetings! I am trying to bring up tomcat 4.1.29 in SSL mode on AIX 5. Everything works find before I uncomment the server.xml section to run SSL in port 8443. I have installed a keystore and I am running java 1.4.1, so the jsse stuff should be there. I have also looked at the security.jar i

Re: tomcat 4.1.29 in SSL mode on AIX 5; Algorithm SunX509 not available

2003-11-24 Thread Michael E. Allen
Bill Barker wrote: I'm guessing that you are running IBM's JVM. The Tomcat 5 ssl-howto has been updated for what you need for running with IBM (Tomcat only defaults to Sun). The main thing is to add 'algorithm="IbmX509"' to the Factory element. "Michael E.