problem with HttpSessionBindListner

2008-02-08 Thread Murthy Chelankuri
I am using the HttpSessionBindListner to notify the session events (to know when the user logged in, logout or session timeout). This worked fine in resin. With tomcat6 when we stop the tomcat the listener is notifying the unbound event. Once we start the tomcat the previous user

Tomcat SSL, Windows 2003 and Windows-My Provider

2008-02-08 Thread Luis Villa
Hello all, I'm trying to configure a Tomcat 6 server with SSL using the Windows-My provider from Java 6. I've been able to do it in Windows XP and it works perfectly, but when executing in Windows 2003, tomcat is not able to open the keystore (it says it cannot find .keystore file, although the

[ANN] Apache Tomcat 6.0.16 released

2008-02-08 Thread Remy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 6.0.16 stable. This release includes many bugfixes over Apache Tomcat 6.0.14. Apache Tomcat 6.0 includes new features over Apache Tomcat 5.5, including support for the new Servlet 2.5 and JSP 2.1 specifications, a

RE: Password Input on Tomcat Startup

2008-02-08 Thread Peter Crowther
From: Jan Mönnich [mailto:[EMAIL PROTECTED] we have a very sensitive webapp that requires the input of a password when the tomcat server starts. We don't want to store this password in a file. One way we've already tested could be the use of a JDialog with a JPasswordField that is shown in

Re: How to avoid session fixation?

2008-02-08 Thread Christoph Lenggenhager
David, Christopher Thank you for sharing your thoughts. It seems to me that there is no standard solution to this problem, but you agree with me that the problem exists. As I mentioned before, I came up with a solution that looks promising. Here's a rough description, I'd welcome your

Re: How to avoid session fixation?

2008-02-08 Thread David Delbecq
I think this is worth submitting a security issue request on tracker, to ask that, at least, the container links the requester IP to the session. Changing session ID upon login in container would be a good thing imho, it would ensure the ID becomes unknown to the attacker after login, wouldn't destroy

Cluster Membership not picking up ttl setting

2008-02-08 Thread Mark Osborne
Hello All, I actually sent this yesterday, but never saw it show up in the archive or in my inbox so trying again. Sorry if y'all are getting this twice. I'm having a problem setting up clustering in Tomcat 6.0 on RedHat ES 4. I'm hoping someone can help me with this. I'm using a very

Re: SecurityException when starting TomCat

2008-02-08 Thread Bob the BlueBerry
I'm not familiar with servlet mappings. I just enabled the invoker servlet because the book I'm reading told me to, and it said to use the '/servlet/*' mapping. Which one should I use? -- From: Caldarale, Charles R [EMAIL PROTECTED] Sent:

Cleanup of org.apache.naming.resources.CacheEntry resources

2008-02-08 Thread Diego Rodríguez Martín
Hi, I am memory profiling a webapp for my company because we suspect it has memory leaks when redeploying. This webapp has to be redeployed several times a week for security reasons (most of the time it is undeployed) and the memory leaks forced us to shutdown tomcat once a week to avoid

Re: Cluster Membership not picking up ttl setting

2008-02-08 Thread Mark Osborne
Filip . . . you are most definitely the man. That solved my problem. I added -Djava.net.preferIPv4Stack=true to the start options in catalina.sh and now my servers are communicating beautifully. Thanks a million. Mark Osborne Web Systems Engineer

Re: Problem with Apache mod_jk + Tomcat/Jboss + Client Certificate Chain

2008-02-08 Thread Rafael Rossetto
Hi Bruno, I finally got the whole cert chain, but the real problem is that I can't get it through the request.getAttribute(javax.servlet.request.X509Certificate), I only got it using the request.getAttribute(SSL_CLIENT_CERT_CHAIN_n). I read an e-mail that you stated: In Tomcat,

Re: Password Input on Tomcat Startup

2008-02-08 Thread Johnny Kewl
--- HARBOR: http://coolharbor.100free.com/index.htm The most powerful application server on earth. The only real POJO Application Server. Making the Java dream come true.

Re: tomcat 5.5.9 aliases

2008-02-08 Thread tadamski
Thank you very much, that did the trick.

Re: Tomcat SSL, Windows 2003 and Windows-My Provider

2008-02-08 Thread Johnny Kewl

Re: Cleanup of org.apache.naming.resources.CacheEntry resources

2008-02-08 Thread Mark Thomas
Diego Rodríguez Martín wrote: I have made a simple webapp with 2 jsp and a taglibrary, and the memory leak is still there, so I guess there is no cleaning of CacheEntry resources at context shutdown. Have I found a memory leak in Tomcat? Quite probably. Is my explanation correct

Re: Fwd: can't get servlets to run

2008-02-08 Thread David Smith
Ahh... tomcat/servlet spec 101 questions. Here's the scoop: 1. Don't enable the invoker servlet unless you have an unbelievably excellent reason for it. If you are just starting to learn servlet technology, you are better off learning best practices up front. Mess with the invoker after

Re: managing user uploads best practices

2008-02-08 Thread David Smith
I certainly don't speak for everyone, but in the past I've either provided an external folder for upload storage or a database. As far as security goes, I don't see these being much if any different than storing the files inside the webapp. In some ways you may get better access control as

RE: SecurityException when starting TomCat

2008-02-08 Thread Caldarale, Charles R
From: Bob the BlueBerry [mailto:[EMAIL PROTECTED] Subject: Re: SecurityException when starting TomCat I just enabled the invoker servlet because the book I'm reading told me to, and it said to use the '/servlet/*' mapping. Which one should I use? Throw that book away and read the

RE: problem with HttpSessionBindListner

2008-02-08 Thread Caldarale, Charles R
From: Murthy Chelankuri [mailto:[EMAIL PROTECTED] Subject: problem with HttpSessionBindListner Is there any way to know about the valid sessions at the startup of the tomcat?. See section 10 of the servlet spec. You need to implement a HttpSessionActivationListener to catch passivations

Re: Fwd: can't get servlets to run

2008-02-08 Thread David Brown
Hello ilene, in fear of retribution I must give you the standard: http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html Moreover, you might want to learn and understand the web application deployment file system hierarchy as it exists under the Tomcat installation. The TC file

pre load Webapp before deploying to tomcat

2008-02-08 Thread mljv
Hi, I have a rather large webapp with Spring and Hibernate which takes some time to start up (30 seconds). When I redeploy this webapp the application is not available for 30 seconds until everything is loaded. I looked at hot deployment but this is only about not restarting tomcat, but tomcat

CVE-2008-0002: Tomcat information disclosure vulnerability

2008-02-08 Thread Mark Thomas
CVE-2008-0002: Tomcat information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.5 to 6.0.15 Description: If an exception occurs during the processing of parameters (eg if the

[SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities

2008-02-08 Thread Mark Thomas
CVE-2007-5333: Tomcat Cookie handling vulnerabilities Severity: low - Session hi-jacking Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.36 Tomcat 5.5.0 to 5.5.25 Tomcat 6.0.0 to 6.0.14 Description: The previous fix

Re: Cluster Membership not picking up ttl setting

2008-02-08 Thread Filip Hanik - Dev Lists
running your config, the print out is Feb 8, 2008 10:13:51 AM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast TTL to 15 and that executes the code if ( mcastTTL = 0 ) { if(log.isInfoEnabled()) log.info(Setting

Re: managing user uploads best practices

2008-02-08 Thread Johnny Kewl

QUESTION: How to use *only* cookies for session tracking?

2008-02-08 Thread Gregory Gerard
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html I can turn cookies on or off but I don't see a similar setting for URL rewriting. I've already made my peace with requiring cookies for other reasons. Possible? Downsides? I'm seeing a lot of double fetching of content (JavaScript

Re: mod_jk for OS X PPC

2008-02-08 Thread samk
See Thread at: http://www.techienuggets.com/Detail?tx=16694 Posted on behalf of a User hi. i have an iphone and i try to downgrade it with ibrickr. it seems to work but i have a big problem. your program is start running stops and restart iphone. i dont know what to do. please help me . thanks