Re: http session lost between struts action
But they use Struts, where URL rewriting is done automatically if cookies are disabled, presumed the relevant tags are used rather than plain HTML links, for example. Maybe that's the problem, that in some link, form action or redirect the jsessionid is missing. Then of course the session is lost. Torsten Charl Gerber schrieb: If your session data is stored as a session cookie (I *think* this is default behaviour), then your session will get lost if you have cookies disabled on your browser. --- angelina zh [EMAIL PROTECTED] wrote: Michael, Thank you so much for your reply. The login page is a JSP page. In the JSP page, the login form's mothod is post and the action is a struts action. After login, we did some internal redircts for security checking and then take the user to the welcome page. The welcome page is generated from XML using xslt. We have a FrontController which extends ActionServlet from struts to handle request and response. I kept very close watching of the requests. I am very sure that the session has been established on the login page and kept valid till the welcome's action got invoked and the welcome page got constructed. After I clicked one of the links on the welcome page, I noticed that when the FrontController got invoked, the session had became to null. So we lost session before the next action class get invoked. We can easier re-create the session object, but we lost the attributes we set in the last session. The following action classes will need those attriutes. I am wondering why the session keep valid if I login to the page again without closing browser. But the session get lost if I open another browser to log in. And another interesting thing is the session get lost in another place in the production enviroment. I am not sure this is a tomcat issue or a struts issue. Michael, any help will be greatly appreciated. - Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: Container Managed Security and mod_jk/Static Contents
If I use htaccess, is the user not going to be prompted an authentication dialog? That would be not so nice, if the user has already completed the form based authentication, and then has to authenticate for htaccess as well. I guess what I want to do is simply not possible and doesn't make sense. If Tomcat is bypassed by Apache for static content, how should it handle security for these requests. Edao, Aliye schrieb: Hi, Why don`t you use Apache to protect your static contents?? You might want to use .htaccess ?? http://www.csoft.net/docs/micro/htaccess.html.en Mit freundlichem Gru / kind regards Dr. Aliye Edao -Ursprngliche Nachricht- Von: Torsten Rmer [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 17. Juni 2005 00:42 An: Tomcat Users List Betreff: Container Managed Security and mod_jk/Static Contents Hello! In order to improve performance for static contents I have setup Apache with mod_jk. Now only Struts' *.do requests are served by Tomcat, the rest is done by Apache. Works fine. Now I want to restrict access to some resources using using container managed security. That also works fine, but, and that is now my question: I also want to protect static contents, but that won't work with container managed security, because these requests are handled by Apache and don't even make it to Tomcat. Of course I could just mount the contents to be protected to Tomcat, but then I'll lose the performance advantage of having them served by Apache. Do I have to live with that or do I have a stupid setup? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Container Managed Security and mod_jk/Static Contents
Sorry, should have mentioned that. Using form based authentication. Gurumoorthy schrieb: how do you authenticate ? basic ? form based ? - Original Message - From: Torsten Rmer [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, June 16, 2005 11:42 PM Subject: Container Managed Security and mod_jk/Static Contents Hello! In order to improve performance for static contents I have setup Apache with mod_jk. Now only Struts' *.do requests are served by Tomcat, the rest is done by Apache. Works fine. Now I want to restrict access to some resources using using container managed security. That also works fine, but, and that is now my question: I also want to protect static contents, but that won't work with container managed security, because these requests are handled by Apache and don't even make it to Tomcat. Of course I could just mount the contents to be protected to Tomcat, but then I'll lose the performance advantage of having them served by Apache. Do I have to live with that or do I have a stupid setup? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Funny JAR file, WAS: Class.forName() gives NoClassDefFoundError
Just want to follow up on this. Originally, the classes under /WEB-INF/classes were in a JAR file, which I put in /WEB-INF/lib, but like this I always got NoClassDefFoundError. So I thought there may be something wrong with the JAR file. I then zipped the classes manually and replaced the JAR file with that. And see there: No more NoClassDefFoundErrors. The application JAR is, like the WAR file, created by an Ant task. It can be opened/extracted without problems, but if I put it in Tomcat, I always get NoClassDefFoundError. If I zip the classes manually, it works just fine... Is this an Ant or Tomcat issue? Torsten Torsten Römer schrieb: Hello! I am currently trying to migrate a webbased cashregister system from BEA Weblogic 6.1/JDK 1.3.1 to Tomcat 5.0.25/JDK 1.4.2. After making some minor changes the application seems to work, and it also seems to run a lot faster. I have one problem though: The application does a lot of Class.forName(), which occasionally fails with a NoClassDefFoundError. One time everything seems to work fine, another time, after a restart of Tomcat, I sometimes get this error. In a pretty old post here I read that I have to add the classes in question (they are all in WEB-INF/classes) to Tomcat's classpath, so that the classloader can find them. Does this still apply? Or have I overlooked some setting, that for example preloads classes or something like that? Greetings, Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.9: NamingException cannot be resolved or is not a type - JNDI, MySQL
Greg Brownell schrieb:
I have. Here is what I have at top of jsp:
%@ page import=java.sql.* %
%@ page import=javax.sql.DataSource %
%@ page import=javax.naming.InitialContext %
%@ page import=javax.naming.Context %
%@ page import=java.io.File %
You are missing javax.naming.NamingException (or do javax.naming.*)
Torsten
Greg.
Arnaud HERITIER wrote:
You must import the classes you use in your JSP :
%@ page import={package.class | package.*}, ... ...
Arnaud
-Message d'origine-
De : Greg Brownell [mailto:[EMAIL PROTECTED] Envoyé : mercredi 8
juin 2005 21:34
À : tomcat-user@jakarta.apache.org
Objet : Tomcat 5.5.9: NamingException cannot be resolved or is not a
type - JNDI, MySQL
I get the error below when trying to compile/execute a jsp that wants
to connect to a MySQL db named
testdb. Here's the code snippet from testdb.jsp:
InitialContext initCtx = null;
DataSource ds = null;
Connection conn = null;
Statement stmt = null;
ResultSet rset = null;
try {
initCtx = new InitialContext();
ds = (DataSource)initCtx.lookup(java:comp/env/jdbc/testdb);
conn = ds.getConnection();
stmt = conn.createStatement();
rset = stmt.executeQuery(select * from subscriber);
It fails on the lookup with:
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 52 in the jsp file: /testdb.jsp Generated
servlet error:
NamingException cannot be resolved or is not a type
org.apache.jasper.compiler.DefaultErrorHandler.javacError(Defa
ultErrorHandler.java:84)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDis
patcher.java:328)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompil
er.java:397)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:288)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:267)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:255)
org.apache.jasper.JspCompilationContext.compile(JspCompilation
Context.java:556)
org.apache.jasper.servlet.JspServletWrapper.service(JspServlet
Wrapper.java:293)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet
.java:291)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
I am using MySQL 4.1.12a (Windows nt), Connector/J v 3.1.8
Connector/j stuff moved to common/lib
Tomcat: under webapps, app name testdb.
testdb/WEB-INF/web.xml:
?xml version=1.0 encoding=ISO-8859-1? web-app
xmlns=http://java.sun.com/xml/ns/j2ee;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd;
version=2.4
display-nametestdb/display-name
description
db test site
/description
resource-ref
descriptionTomcat DBCP/description
res-ref-namejdbc/testdb/res-ref-name
res-typejavax.sql.DataSource/res-type
res-authContainer/res-auth
/resource-ref
/web-app
conf/Catalina/localhost/testdb.xml:
?xml version=1.0 encoding=UTF-8?
Context
path=/Search docBase=Search
debug=1crossContext=true
reloadable=true
ResourceLink name=jdbc/testdb type=javax.sql.DataSource
global=jdbc/testdb/ /Context
conf/server.xml:
GlobalNamingResources
Environment
name=simpleValue
type=java.lang.Integer
value=30/
Resource
auth=Container
description=User database that can be updated and saved
name=UserDatabase
type=org.apache.catalina.UserDatabase
pathname=conf/tomcat-users.xml
factory=org.apache.catalina.users.MemoryUserDatabaseFactory/
Resource
name=jdbc/testdb
auth=Container
type=javax.sql.DataSource
factory=org.apache.commons.dbcp.BasicDataSourceFactory
username=
password=
removeAbandonedTimeout=60
maxActive=4
maxIdle=2
removeAbandoned=true
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/testdb?autoReconnect=true/
/GlobalNamingResources
Any ideas why this doesn't work?
By the way, I've tried moving the Resource lines in server.xml to
testdb.xml (the context file) and replaced the resource-link. Same
error.
Thanks in advance.
Greg.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Funny JAR file, WAS: Class.forName() gives NoClassDefFoundError
Jason Bainbridge schrieb: On 6/8/05, Torsten Römer [EMAIL PROTECTED] wrote: Just want to follow up on this. Originally, the classes under /WEB-INF/classes were in a JAR file, which I put in /WEB-INF/lib, but like this I always got NoClassDefFoundError. So I thought there may be something wrong with the JAR file. I then zipped the classes manually and replaced the JAR file with that. And see there: No more NoClassDefFoundErrors. The application JAR is, like the WAR file, created by an Ant task. It can be opened/extracted without problems, but if I put it in Tomcat, I always get NoClassDefFoundError. If I zip the classes manually, it works just fine... Sounds more like a classloader/classpath problem, NoClassDefFoundError means it is finding multiple copies of the class. Doesn't NoClassDefFoundError mean, that the class in question was present at compile time but is now missing at runtime? Are you setting your system classpath as well by any chance? If you are then you shouldn't be. I don't, CLASSPATH is unset. I am pretty sure now, that the problem is the JAR file as created by the Ant task of the project's build.xml. If I just zip the classes manually, and use that instead of the JAR file, everything works just fine. I will now check the JAR task, update Ant, build on another machine and so on to see if that makes any differences. Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Class.forName() gives NoClassDefFoundError
Hello! I am currently trying to migrate a webbased cashregister system from BEA Weblogic 6.1/JDK 1.3.1 to Tomcat 5.0.25/JDK 1.4.2. After making some minor changes the application seems to work, and it also seems to run a lot faster. I have one problem though: The application does a lot of Class.forName(), which occasionally fails with a NoClassDefFoundError. One time everything seems to work fine, another time, after a restart of Tomcat, I sometimes get this error. In a pretty old post here I read that I have to add the classes in question (they are all in WEB-INF/classes) to Tomcat's classpath, so that the classloader can find them. Does this still apply? Or have I overlooked some setting, that for example preloads classes or something like that? Greetings, Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where are the results of a System.out.println command ?
Jean-Luc Douville said: I am running a servlet under Mac Os X Tomcat jakarta-tomcat-5.0.28. That servlet has a System.out.println(userAgent ** : +userAgent); command. On my PC i found the result of the same command (and other) in the DOS window that logs the tomcat's processes (serving the same servlet). On the Mac i can't find any log ... Doesn't System.out usually go to catalina.out in Tomcat's logs directory? I send the requests to the servlet with a browser, the parameters are in the URL (GET method). Thanks. -- Jean-Luc Douville GRAVIR/iMAGIS,INRIA,ave de l'Europe, Montbonnot 38334 Saint Ismier Cedex Tel: (+33) 4.76.61.54.28 -- Fax: (+33) 4.76.61.54.40 - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configure tomcat to protect authentification
henry human said: Hey, i'm new in Tomcat. I installed tomcat 4.1.29 and Why do you use such an old version? I'd recommend to use Tomcat 5 or maybe even 5.5 create some Servlets and put dem to Tomcat_Home/webapps/MyProject/WEB-INF/classes Now i will, that tomcat ask for login, for the first time if client access my web application under MyProject directory. What should i change in server.xml or elsewhere ? thanks for any Hints You could use Container Managed Security: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html If you need some example setup I could help out. Torsten ___ Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performing an action on form-based login
Hi Ross, Ross Nicoll schrieb: We're having more or less the same problem. Is there perhaps a chance of a UserFormLoginListener in a future version of Tomcat? Anyone have any advice on this? Such a listener would be nice... I now went for a filter (as seen in another post) and I am very satisfied with how it works. I mapped the filter to the URL-pattern /* so all requests go to it. In the doFilter() method I use request.getRemoteUser() to differentiate between an authenticated and a guest session. Then I store some User object in the session and use it to check if the session is new or if a user has just logged in. If you like I post some details. Some reliable method for logging out a user would also be extremely useful. This you probably know anyway, but I use request.getSession(false).invalidate() and then I redirect to the main page. As I understand the new request made by the redirect causes a clean new session to be created. At least I can say it works fine for me. On 5/22/05, Torsten Römer [EMAIL PROTECTED] wrote: This question has been asked (and answered to) earlier, but I am still unsure: I am using container managed security with form-based authentication. I am really happy with how it works. But now I would like to perform an action when a user has authenticated, such as loading user preferences and store them in the session. First I thought I could use a HttpSessionListener for that. Now I know when a new session has been created, but what I am missing is the username. The only way to get it seems to be from a request using getRemoteUser(). Or am I wrong? I really hope I am... I read about setting up a filter but then read somewhere else that this is not reliable. I also found this article Active Authentication http://java.sys-con.com/read/37660.htm which sounds interesting but the link to the source code is broken, so I don't get how to implement that. Can someone help me out? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Performing an action on form-based login
This question has been asked (and answered to) earlier, but I am still unsure: I am using container managed security with form-based authentication. I am really happy with how it works. But now I would like to perform an action when a user has authenticated, such as loading user preferences and store them in the session. First I thought I could use a HttpSessionListener for that. Now I know when a new session has been created, but what I am missing is the username. The only way to get it seems to be from a request using getRemoteUser(). Or am I wrong? I really hope I am... I read about setting up a filter but then read somewhere else that this is not reliable. I also found this article Active Authentication http://java.sys-con.com/read/37660.htm which sounds interesting but the link to the source code is broken, so I don't get how to implement that. Can someone help me out? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
