And, if you're not trying to do it in code... Tomcat Web Application
Manager... ala http://localhost:8080/manager/html
gary...
From: Shapira, Yoav [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
Date: Fri, 21 Nov 2003 08:53:23 -0500
To: Tomcat Users List [EMAIL PROTECTED]
This seems to come up (in various variations) again and again.
And, I also asked... should one simply subclass xxxRealm ... specifically
the java.security.Principal authenticate(java.lang.String username,
java.lang.String credentials) method? And, then ... maybe ... extending
Well... actually the geek that thought up Java named it Oak.
g...
From: Erik Wright [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
Date: Fri, 21 Nov 2003 15:08:50 -0500
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: [off-topic] jakarta, java, indonesia
Jakarta is
And now there is no Joy in Sun Quentin. ;)
g...
From: Ben Souther [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
Date: Fri, 21 Nov 2003 15:51:19 -0500
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: [off-topic] jakarta, java, indonesia
Actually, there was an Oak
Russ:
In general, if application.properties is in your classes dir
ResourceBundle rez = ResourceBundle.getBundle(application);
Put that in your singleton class. Then you could:
MySingleton.accessMySingleton().getRez().getString(a_prop);
Then go nuts and write a taglib to access MySingleton
I'm going around google circles... Within a servlet how do you go about
creating a java.security.Principal given a username and password? i.e.
how-to login within a servlet given a username and password?
Thanks,
gary...
-
To
jack:
I noticed you haven't received any responses yet. I was kinda waiting to see
is anyone had any bright ideas regarding... catching j_username/j_password
for later use within a webapp. I posted a somewhat related question in
Subject: application security gone mad.
Someone (please!) correct
is in the pipeline
for the long term though.
HTH
Adam
On 11/17/2003 06:59 PM Gary Hardy wrote:
jack:
I noticed you haven't received any responses yet. I was kinda waiting to see
is anyone had any bright ideas regarding... catching j_username/j_password
for later use within a webapp. I posted
First let me say this is not a specific tomcat question, rather, a general
application security issue that I'd like to get some feedback on. Secondly,
this is NOT my idea and I already have an opinion about it's ... flaws, to
be kind.
Here's the idea in a nutshell (operative word nut):
The app
The long and the short of it is:
There will be an infinite number of application users. (maybe a few less)
They will have 1-n roles. Let say 3 .
There are a finite number of proxy EJB access users.
As mentioned earlier, derived from the application user roles.
The method level security for EJB
Robert,
You hit it on the head...
And, prevail? not a chance, they're a client... I'm the consultant.
And, JAAS? Please. We can't even agree about CMS.
The posting was 1) a rant. 2) fishing for a little parting wisdom (not mine)
to leave with them to think about.
CMS is fine just the way it is.
11 matches
Mail list logo
