Re: http session lost between struts action
But they use Struts, where URL rewriting is done automatically if cookies are disabled, presumed the relevant tags are used rather than plain HTML links, for example. Maybe that's the problem, that in some link, form action or redirect the jsessionid is missing. Then of course the session is lost. Torsten Charl Gerber schrieb: If your session data is stored as a session cookie (I *think* this is default behaviour), then your session will get lost if you have cookies disabled on your browser. --- angelina zh <[EMAIL PROTECTED]> wrote: Michael, Thank you so much for your reply. The login page is a JSP page. In the JSP page, the login form's mothod is post and the action is a struts action. After login, we did some internal redircts for security checking and then take the user to the welcome page. The welcome page is generated from XML using xslt. We have a FrontController which extends ActionServlet from struts to handle request and response. I kept very close watching of the requests. I am very sure that the session has been established on the login page and kept valid till the welcome's action got invoked and the welcome page got constructed. After I clicked one of the links on the welcome page, I noticed that when the FrontController got invoked, the session had became to null. So we lost session before the next action class get invoked. We can easier re-create the session object, but we lost the attributes we set in the last session. The following action classes will need those attriutes. I am wondering why the session keep valid if I login to the page again without closing browser. But the session get lost if I open another browser to log in. And another interesting thing is the session get lost in another place in the production enviroment. I am not sure this is a tomcat issue or a struts issue. Michael, any help will be greatly appreciated. - Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: Container Managed Security and mod_jk/Static Contents
If I use htaccess, is the user not going to be prompted an authentication dialog? That would be not so nice, if the user has already completed the form based authentication, and then has to authenticate for htaccess as well. I guess what I want to do is simply not possible and doesn't make sense. If Tomcat is "bypassed" by Apache for static content, how should it handle security for these requests. Edao, Aliye schrieb: Hi, Why don`t you use Apache to protect your static contents?? You might want to use .htaccess ?? http://www.csoft.net/docs/micro/htaccess.html.en Mit freundlichem Gruß / kind regards Dr. Aliye Edao -Ursprüngliche Nachricht----- Von: Torsten Römer [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 17. Juni 2005 00:42 An: Tomcat Users List Betreff: Container Managed Security and mod_jk/Static Contents Hello! In order to improve performance for static contents I have setup Apache with mod_jk. Now only Struts' *.do requests are served by Tomcat, the rest is done by Apache. Works fine. Now I want to restrict access to some resources using using container managed security. That also works fine, but, and that is now my question: I also want to protect static contents, but that won't work with container managed security, because these requests are handled by Apache and don't even make it to Tomcat. Of course I could just mount the contents to be protected to Tomcat, but then I'll lose the performance advantage of having them served by Apache. Do I have to live with that or do I have a stupid setup? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Container Managed Security and mod_jk/Static Contents
Sorry, should have mentioned that. Using form based authentication. Gurumoorthy schrieb: how do you authenticate ? basic ? form based ? - Original Message - From: "Torsten Römer" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, June 16, 2005 11:42 PM Subject: Container Managed Security and mod_jk/Static Contents Hello! In order to improve performance for static contents I have setup Apache with mod_jk. Now only Struts' *.do requests are served by Tomcat, the rest is done by Apache. Works fine. Now I want to restrict access to some resources using using container managed security. That also works fine, but, and that is now my question: I also want to protect static contents, but that won't work with container managed security, because these requests are handled by Apache and don't even make it to Tomcat. Of course I could just mount the contents to be protected to Tomcat, but then I'll lose the performance advantage of having them served by Apache. Do I have to live with that or do I have a stupid setup? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Container Managed Security and mod_jk/Static Contents
Hello! In order to improve performance for static contents I have setup Apache with mod_jk. Now only Struts' *.do requests are served by Tomcat, the rest is done by Apache. Works fine. Now I want to restrict access to some resources using using container managed security. That also works fine, but, and that is now my question: I also want to protect static contents, but that won't work with container managed security, because these requests are handled by Apache and don't even make it to Tomcat. Of course I could just mount the contents to be protected to Tomcat, but then I'll lose the performance advantage of having them served by Apache. Do I have to live with that or do I have a stupid setup? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Class.forName() gives NoClassDefFoundError
Hello! I am currently trying to migrate a webbased cashregister system from BEA Weblogic 6.1/JDK 1.3.1 to Tomcat 5.0.25/JDK 1.4.2. After making some minor changes the application seems to work, and it also seems to run a lot faster. I have one problem though: The application does a lot of Class.forName(), which occasionally fails with a NoClassDefFoundError. One time everything seems to work fine, another time, after a restart of Tomcat, I sometimes get this error. In a pretty old post here I read that I have to add the classes in question (they are all in WEB-INF/classes) to Tomcat's classpath, so that the classloader can find them. Does this still apply? Or have I overlooked some setting, that for example preloads classes or something like that? Greetings, Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configure tomcat to protect authentification
henry human said: > Hey, > i'm new in Tomcat. I installed tomcat 4.1.29 and Why do you use such an old version? I'd recommend to use Tomcat 5 or maybe even 5.5 > create some Servlets and put dem to > Tomcat_Home/webapps/MyProject/WEB-INF/classes > Now i will, that tomcat ask for login, for the > first time if client access my web application under > > MyProject directory. > What should i change in server.xml or elsewhere ? > thanks for any Hints > You could use Container Managed Security: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html If you need some example setup I could help out. Torsten > > > > ___ > Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier > anmelden: http://mail.yahoo.de > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where are the results of a System.out.println command ?
Jean-Luc Douville said: > I am running a servlet under Mac Os X Tomcat jakarta-tomcat-5.0.28. > That servlet has a > System.out.println("userAgent ** : "+userAgent); command. On my PC i > found the result of > the same command (and other) in the DOS window that logs the tomcat's > processes (serving the > same servlet). > > On the Mac i can't find any log ... Doesn't System.out usually go to catalina.out in Tomcat's logs directory? > I send the requests to the servlet with a browser, the parameters are > in the URL (GET method). > > Thanks. > -- > > Jean-Luc Douville > GRAVIR/iMAGIS,INRIA,ave de l'Europe, Montbonnot 38334 Saint Ismier > Cedex Tel: (+33) 4.76.61.54.28 -- Fax: (+33) 4.76.61.54.40 > > - > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Performing an action on form-based login
This question has been asked (and answered to) earlier, but I am still unsure: I am using container managed security with form-based authentication. I am really happy with how it works. But now I would like to perform an action when a user has authenticated, such as loading user preferences and store them in the session. First I thought I could use a HttpSessionListener for that. Now I know when a new session has been created, but what I am missing is the username. The only way to get it seems to be from a request using getRemoteUser(). Or am I wrong? I really hope I am... I read about setting up a filter but then read somewhere else that this is not reliable. I also found this article "Active Authentication" http://java.sys-con.com/read/37660.htm which sounds interesting but the link to the source code is broken, so I don't get how to implement that. Can someone help me out? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]