Hello,
I'm new to JSP development (and to dynamic web development as a whole)
so please bear with me. I'm investigating using JSP/Java for a project
at my workplace. My system (test server, if you will) is a PC running
Windows XP Pro and I am using Tomcat 5.5.9.
I have a situation where I want
> From: Gagnon, Joseph M (US SSA)
[mailto:[EMAIL PROTECTED]
> Subject: Problem with security?
>
> I have a situation where I want to be able to provide user access
> to an application by determining the identity of the requesting
> user, without them having to go through a login procedure.
Those
> From: Gagnon, Joseph M (US SSA)
> I have a situation where I want to be able to provide user
> access to an
> application by determining the identity of the requesting
> user, without
> them having to go through a login procedure.
OK. So what identity can the browser present that you wish to
Look into the ServletRequest interface. That interface, which is extended
in HttpServletRequest. You can call the getRemoteAddr(), getRemoteHost(),
etc. methods. You receive null in your getRemoteUser because the user
hasn't been 'authenticated' yet.
On 10 Jun 2005, Gagnon, Joseph M (US SSA)
If they are under WEB-INF/classes then should be in your classpath,
unless something is really wrong, so you can access them using
getClass().getResourceAsStream("/full/path/from web-inf_class") or
getClass().getResourceAsStream("relativepath_from_class").
or use getClass().getResource().
if
Normally I place log4j.jar with my webapp. However, I have a number of
libraries that need to be shared across various webapps. These need to
do logging as well. should i place a version of log4j in shared/lib?
Should I still keep the versions in each WEB-INF/lib too? Where do i
place the log4j
I start tomcat 5.5.9 as a service providing the option
-Dcom.sun.management.jmxremote in the configuration panel. When I run
jconsole, there are no java processes available to connect to. jps also
displays nothing. Is this possible?
thanks
I believe I've covered that all in my original message. Read further.
-Original Message-
From: egan0019 [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:10 AM
To: Tomcat Users List
Subject: Re: Problem with security?
Look into the ServletRequest interface. That interface, which
hi,
You would normally place any shared libraries (JARs) in the shared/lib
folder only.
If you also place it in your /WEB-INF/lib then tomcat would complain.
(wierd exceptions etc..)
HTH,
Anoop
On 6/10/05, teknokrat <[EMAIL PROTECTED]> wrote:
>
> Normally I place log4j.jar with my webapp. H
Hi, this is my first message on the list, so, i accept any comments
about my poor english :(.
The problem:
I have installed Tomcat4.1/Sun j2sdk on a debian 3.1 (sarge). Yesterday,
it works fine, but today, I have added a new context using the web
administrator. Then, I put some JSP files on th
I think you have missed the point that you cannot get user information
unless the user authenticates. You don't want to have a user authenticate
but you want to get user information. These are mutually exclusive tasks.
If the user does not authenticate, you can only get the external IP address
of
Did I not say that I'm new to this?
I made no mention to whether or not I was trying to make it secure.
This is only meant to be used within my company's intranet and my
intention was to take the user account and then compare it with a set of
registered users in the application's DB.
I am beginni
Thanks Bill,
So if I can only use the http method, then I assume I should be able to
make the code work using the newer MX4J HTTPConnector? Or am I missing
something.
Anyone have a code snippet using the HTTPConnector to connect to Tomcat's
Mbean server? I seem to be having trouble getting the u
Hi,
>
> I want to load some files that I've placed in the WEB-INF/classes
> directory of my project (particularly the file log4j.properties).
>
> The problem is that I always have the same errors logged in stdout
> tomcat's log file : java.io.FileNotFoundException...
>
you can load your prop
Try basic authentication. The browser will cache the user name and password
and it will only expire when the browse closes.
Read in the documents on how to configure the authentication. You might
require authentication for all protocols and use BASIC authentication. This
will make it easier for th
Which Sun j2sdk did you install 1.4 or 1.5?
If you installed the Debian-Tomcat 4 package and are using JDK 1.4, try to
restart tomcat by typing /etc/init.d/tomcat4 restart
The Debian package installs a script named tomcat4 in /etc/init.d to start
Tomcat when the system is started but you can als
Hi Joe,
To summarize the point that all of these others folks were making;
Tomcat by itself has no way of interrogating the operating system of
the connecting machine or noticing through the information that it
gets from then browser that the user is a particular person. Tomcat
can only tell you f
Hi There,
I am running Tomcat 5.5.9 in production, using 1 tomcat instance to
service several websites (each with their own hostname) via virtual
hosts. I have Apache 2 running in front of Tomcat, connecting via
mod_jk.
I am having OutOfMemory issues, and have noticed that, due to my webapps
str
You might consider the following:
1) if you wrote log4j.properties on one platform and uploaded it to another,
perhaps the format got mangled. Check to be sure that log4j.properties is
actually "log4j.properties", without some special, non-printable and hidden
character on the end of the filename.
There are some pretty good resources for getting started on Servlet/JSP
stuff; try the O'Reilly books, especially the latest version of their
JSP book.
I suggest that you need to think of what you are wanting to do in 2 phases:
1. Login
2. Authenticate (using values supplied by login).
Hi all, I installed apache2+tomcat+modjk in solaris 10, I configured
based in cookbook from the site:
http://jakarta.apache.org/tomcat/connectors-doc/howto/apache.html
The connector is works well, but using virtual host, the apache direct
for the directory
/usr/local/tomcat/webapps/ROOT. how I can
I have a Tomcat server serving some dynamic JSP pages, which use
JavaBeans. After modifying the JavaBeans used by the home page, it
seems that Tomcat still serves the old home page. The problem persists
even Tomcat was restarted. However, if I entered the full URL of the
home page (including the fi
Does your profiling tool tell you the classes of the objects being
created? Can you take a snapshot at two points in time, compare them and
see what is different? If we know the class of the objects being
created, it gives us a pretty good pointer as to where to start looking.
Without this inf
Hi,
I have a Tomcat 5.5.7 standalone webserver running on my machine, recently
I got a security scan warning of "ApacheServerTokenNotSet".
Does anyone know how to configure the Tomcat 5.5.7 to pass this security
scan? I know there is a 'ServerTokens' directive for Apache Web
Server that I can
Try setting the server parameter on the connector. See
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html
Mark
Gao, Frank wrote:
Hi,
I have a Tomcat 5.5.7 standalone webserver running on my machine, recently
I got a security scan warning of "ApacheServerTokenNotSet".
Does anyo
Not if you are using mutually authenticated SSL.
On 6/10/05, Caldarale, Charles R <[EMAIL PROTECTED]> wrote:
> > From: Gagnon, Joseph M (US SSA)
> [mailto:[EMAIL PROTECTED]
> > Subject: Problem with security?
> >
> > I have a situation where I want to be able to provide user access
> > to an appli
Sorry,
I was off for a while.
It seems my problem comes in with Java1.5. I am not sure. I tried to
set it up as shown below. Solves the GET problem.
I use a filter. Solves nothing. I set it up in the struts-config file.
No effect. It seems that something in between sets the request input
stream
What the server parameter value should be in order to pass the security
scan?
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 2:14 PM
To: Tomcat Users List
Subject: Re: Tomcat Web Server "ServerTokenNotSet" Vulnerability
Try setting the server
Try deleting the browser cache -sometimes thats the problem.
HTH,
Anoop
On 6/10/05, TK <[EMAIL PROTECTED]> wrote:
>
> I have a Tomcat server serving some dynamic JSP pages, which use
> JavaBeans. After modifying the JavaBeans used by the home page, it
> seems that Tomcat still serves the old hom
Hi,
We have the apache and tomcat integrated together in
our environment. We use tomcat 4.1.20 and Apache 2.0.
In our apache logs we keep seeing this error.
ERROR: can't receive the response message from tomcat,
network problems or tomcat is down. err=-1
We certainly know that the tomcat server w
No idea. Try "", " ", "Tin foil hats R us" or something similar. I am
not even sure this is why your scanner is reporting a problem.
Mark
Gao, Frank wrote:
What the server parameter value should be in order to pass the security
scan?
-Original Message-
From: Mark Thomas [mailto:[EMAI
Hi There,
I am running Tomcat 5.5.9 in production, using 1 tomcat instance to
service several websites (each with their own hostname) via virtual
hosts. I have Apache 2 running in front of Tomcat, connecting via
mod_jk.
I am having OutOfMemory issues, and have noticed that, due to my webapps
str
Hi,
thanks to all who tried to help. In my case the fault was, the Character
Encoding filter was not the first filter in the queue.
The other hints: Setting the URIEncoding in the connectors and so
on are useful as well. Sometimes you also must set the environment
variable LC_CTYPE to something l
I have experienced similar kind of memory leak, but that was while
reloading the context. There was a steady increase in the memory usage
after each autoReload of my struts 1.2.7-hibernate 2.1.8 powered
webApp in Tomcat 5.5.7/JDK 1.5/Fedora Core 2.
At the beginning: the process memory used by tomca
Is there a way to, at runtime, check if a variable is declared? I have
some code that I want to behave differently depending on whether or not
a variable has been declared. I tried using a try catch block but it
gets caught at compile time.
Thanks
Charles
---
Gagnon, Joseph M (US SSA) wrote:
Did I not say that I'm new to this?
I made no mention to whether or not I was trying to make it secure.
This is only meant to be used within my company's intranet and my
intention was to take the user account and then compare it with a set of
registered users in
Hi,
I've noticed that when I use the "admin" web app (the default one that
comes with
tomcat distribution) and click on "commit changes", the SSL connector
entry
in server.xml seems to get corrupted. As a result, tomcat can not be
restarted. This happens
whether or not I actually change any pa
If it is a class member you could conceivably use reflection to see if a
given object/class has a member you name... if it's local though, no,
it's a purely compile-time check.
Do you really mean declared or do you perhaps mean initialized?
Frank
Charles P. Killmer wrote:
Is there a way to,
Ed Hamilton wrote:
Mark,
Thanks for the response. I'm repling to you directly - if that's wrong,
please let me know.
Please always reply to the list. This is for two reasons:
- The extra information you provide might be enough for someone else
to help you even if the original respondent can
teknokrat wrote:
Normally I place log4j.jar with my webapp. However, I have a number of
libraries that need to be shared across various webapps. These need to
do logging as well. should i place a version of log4j in shared/lib?
Should I still keep the versions in each WEB-INF/lib too? Where do
How can I get this type of stuff to stop printing in my catalina_log
files:
2005-06-10 00:00:14 RequestDumperValve[Standalone]:
header=3Daccept-charset=3Diso-8859-1,*,utf-8
2005-06-10 00:00:14 RequestDumperValve[Standalone]:
header=3Daccept-encoding=3Dgzip
2005-06-10 00:00:14 Requ
41 matches
Mail list logo