Thanks for your reply Chris. No I'm not confident a restart would fix it.
Having said that I haven't seen the ssl handshake problem since yesterday
(which might be because the app hasn't tried the address yet) so waiting to see
if it happens again. Unfortunately I don't have a way to invoke it.
On 11/10/11 22:24, Christopher Schultz wrote:
I'm not an expert at SSO, nor have I ever used it on any of my
projects. All my answers should be considered suspicious :)
So, it looks like the Valve should *not* be expiring your SSO when the
static webapp's session expires. Can you confirm that
2011/10/12 Brian Burch br...@pingtoo.com:
I've successfully run a remote debugger session against the SingleSignOn
Valve while it is handling my timeout scenario.
Interestingly, the logic to handle the timeout of a single webapp is exactly
as I wanted it to be... only the specific Session is
On 12/10/11 12:51, Konstantin Kolinko wrote:
Something becomes clearer.
Remembering the session as associated with ssoid is performed by
SingleSignOn.associate(..) method. This method is called by
AuthenticatorBase class.
Those webapps with long living sessions - are they protected by
security
Found out the reason for the ssl handshake error. The certificate chain was in
the wrong order (being server certificate, Root CA, Intermediate, instead of
server certificate, Intermediate, Root CA).
-Original Message-
From: Edward Quick [mailto:edward.qu...@iggroup.com]
Sent: 12
Hi,
I have a reverse proxy configuration like this:
VirtualHost *:80
ServerName localhost
ProxyPreserveHost On
ProxyPass / http://localhost:8080/app1/
ProxyPassReverse / http://localhost:8080/app1/
ProxyPassReverseCookiePath /app1 /
/VirtualHost
And, I have a form-based login
My Tomcat Version: 6.0.18.0 (running under Jboss)
I'm trying to understand the script we use to deploy to our Tomcat server.
=
The scripts uses pound signs (#) instead of slashes in the path to the WAR
=
file being deployed. Let me first be clear: The script works. What I=20
DON'T understand
Tomcat 6.0.32 and java 1.6 on solaris 10
Uncommented the connector 8080 and changed port to 37799 (due to firewall
constraints)
Connector port=37799 protocol=HTTP/1.1
connectionTimeout=2
redirectPort=8443 /
added user for manager-gui and role for
Edward Quick wrote:
Thanks for your reply Chris. No I'm not confident a restart would fix it.
Having said that I haven't seen the ssl handshake problem since yesterday
(which might be because the app hasn't tried the address yet) so waiting to see
if it happens again. Unfortunately I don't
On 12/10/2011 15:55, Richard W. Adams wrote:
My Tomcat Version: 6.0.18.0 (running under Jboss)
That's old.
I'm trying to understand the script we use to deploy to our Tomcat server.
=
The scripts uses pound signs (#) instead of slashes in the path to the WAR
=
file being deployed.
Woonsan Ko wrote:
Hi,
I have a reverse proxy configuration like this:
VirtualHost *:80
ServerName localhost
ProxyPreserveHost On
ProxyPass / http://localhost:8080/app1/
ProxyPassReverse / http://localhost:8080/app1/
ProxyPassReverseCookiePath /app1 /
/VirtualHost
If it is
Hi.
[OT] How do you manage to send the text of your messages in quoted-printable
form ?
Richard W. Adams wrote:
My Tomcat Version: 6.0.18.0 (running under Jboss)
I'm trying to understand the script we use to deploy to our Tomcat server.
=
The scripts uses pound signs (#) instead of
From: Lund, Holly (CONTR) [mailto:holly.l...@hq.doe.gov]
Subject: manager trying to use JAASRealm vice tomcat-users.xml
Tomcat 6.0.32 and java 1.6 on solaris 10
Good to know; thanks.
Uncommented the connector 8080
That's very odd, since that Connector is not commented out in the standard
Umcommented the UserDatabaseRealm section
Server.xml file
?xml version='1.0' encoding='utf-8'?
!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding
- Original Message -
From: André Warnier a...@ice-sa.com
To: Tomcat Users List users@tomcat.apache.org
Cc:
Sent: Wednesday, October 12, 2011 11:52 AM
Subject: Re: redirection error due to context path after JAAS authentication
with mod_proxy
Woonsan Ko wrote:
Hi,
I
On 12/10/2011 17:51, Woonsan Ko wrote:
- Original Message -
From: André Warnier a...@ice-sa.com
To: Tomcat Users List users@tomcat.apache.org
Cc:
Sent: Wednesday, October 12, 2011 11:52 AM
Subject: Re: redirection error due to context path after JAAS authentication
with
On 12/10/11 17:51, Woonsan Ko wrote:
One simple strong reason is that I don't want to run tomcat by root.
The debian/ubuntu deb package installs tomcat6 so that it uses authbind
to listen on ports 1024, and it runs under its own non-root uid/gid. I
was very impressed when I converted from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 10/12/2011 8:53 AM, Brian Burch wrote:
My tomcat 6.0.28 compiled class for AuthenticatorBase does not
match the 6.0.33 source code I am debugging with. The SSO Valve is
pretty much the same.
So get the source for 6.0.28:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Holly,
On 10/12/2011 12:50 PM, Lund, Holly (CONTR) wrote:
Umcommented the UserDatabaseRealm section
Really?
!-- This Realm uses the UserDatabase configured in the global
JNDI resources under the key UserDatabase. Any edits that are
performed
On 12/10/11 12:35, Brian Burch wrote:
I've successfully run a remote debugger session against the SingleSignOn
Valve while it is handling my timeout scenario.
Interestingly, the logic to handle the timeout of a single webapp is
exactly as I wanted it to be... only the specific Session is
Thanks
Change to ?xml in tomcat-users.xml and uncommmenting additional Realm config
fixed issue
Holly Lund
EES, LLC,
Contractor to the
United States Department of Energy
1000 Independence Avenue, SW
Washington, DC 20585
Phone:202-586-4431
Email:holly.l...@hq.doe.gov
-Original
Scenario: use Integrated Windows Security (Kerberos/NTLM) for the site
in IIS that delegates to Tomcat.
Question: would the ISAPI connector be able to pass the Active Directory
groups (i.e. user's membership info) along to Tomcat in the request?
Question 2: if yes, could I call
Marcel Stör wrote:
Scenario: use Integrated Windows Security (Kerberos/NTLM) for the site
in IIS that delegates to Tomcat.
Question: would the ISAPI connector be able to pass the Active Directory
groups (i.e. user's membership info) along to Tomcat in the request?
I am not the ultimate
Hello
I'm using Apache Tomcat 6.0.26 for an application where the majority of the
content is hidden behind a page requiring authenticated login. This appears
to work fine but upon logout, I find I am able to browse back through some
of the pages visited in the session.
As far as I'm
From: Martin O'Shea [mailto:app...@dsl.pipex.com]
Subject: Application not logging out properly
upon logout, I find I am able to browse back through some
of the pages visited in the session.
Are you sure it's not the browser simply displaying previously cached pages?
If so, then have
Martin O'Shea wrote:
Hello
I'm using Apache Tomcat 6.0.26 for an application where the majority of the
content is hidden behind a page requiring authenticated login. This appears
to work fine but upon logout, I find I am able to browse back through some
of the pages visited in the session.
I'm using form based authentication as follows:
h2 style = text-align: lefta name = loginLogin/a/h2
form method = POST action='%=
response.encodeURL(j_security_check) %'
table border=0
tr
td align =
I would rather avoid forcing the browser to reload each page via the
appropriate headers.
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: 12 Oct 2011 22 18
To: Tomcat Users List
Subject: RE: Application not logging out properly
From: Martin
From: Martin O'Shea [mailto:app...@dsl.pipex.com]
Subject: RE: Application not logging out properly
I would rather avoid forcing the browser to reload each
page via the appropriate headers.
Then they're going to be available in the browser cache until the browser
chooses to discard them.
This is true of the current application, but also true of the other Tomcat
applications I have.
But the others don't seem to have this problem. I know the sessions are
invalidating because if I try to do something on one of the pages visited in
the session, the login page appears automatically.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 10/12/2011 5:30 PM, Caldarale, Charles R wrote:
From: Martin O'Shea [mailto:app...@dsl.pipex.com] Subject: RE:
Application not logging out properly
I would rather avoid forcing the browser to reload each page via
the appropriate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
On 10/12/2011 5:58 PM, Martin O'Shea wrote:
This is true of the current application, but also true of the other
Tomcat applications I have.
But the others don't seem to have this problem.
Which others?
I know the sessions are
I'm not disagreeing and have set a filter to this end. But it doesn't explain
why I can see the pages after session invalidation.
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 12 Oct 2011 22 59
To: Tomcat Users List
Subject: Re: Application not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
On 10/12/2011 6:01 PM, Martin O'Shea wrote:
I'm not disagreeing and have set a filter to this end. But it
doesn't explain why I can see the pages after session
invalidation.
Your web browser has an on-disk cache. It's reading the files
But I can see these pages visited in the session just invalidated by using the
browser's back button after logging out.
By other Tomcat applications, I mean other applications which have the same
arrangements and run under 6.0.26. But when I log out from one of these, I
can't see pages just
From: Martin O'Shea [mailto:app...@dsl.pipex.com]
Subject: RE: Application not logging out properly
But it doesn't explain why I can see the pages after session invalidation.
It certainly does. If the browser (or some other intermediary) is caching the
pages, they will be available for
Well, there's no intermediary: I'm seeing this in NetBeans 7.0.1 with AT
6.0.26. and if my NoCache_Filter contains this:
// Force browser not to cache pages.
HttpServletResponse hsr = (HttpServletResponse) response;
hsr.setHeader(Cache-Control, no-cache,
- it would probably require serious coding changes to do it (notably
because in the AJP protocol, there is no attribute or packet type foreseen
to pass such information per se)
- and there are some conceptual issues linked to this, essentially because
the very notion of AD/NTLM user groups
From: Martin O'Shea [mailto:app...@dsl.pipex.com]
Subject: RE: Application not logging out properly
But I can see these pages visited in the session just invalidated
by using the browser's back button after logging out.
The session state is completely irrelevant - the browser knows nothing
Not HTTPS but it worth me checking as you advise.
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: 12 Oct 2011 23 16
To: Tomcat Users List
Subject: RE: Application not logging out properly
From: Martin O'Shea [mailto:app...@dsl.pipex.com]
Then they're going to be available in the browser cache until the
browser chooses to discard them. You can't have it both ways.
The OP could set expires headers that are relatively short-lived. That
way, the client /should/ request a fresh page after, say, 30 minutes
or whatever the session
Well, it seems that using a no cache filter works for Chrome, Firefox and
IE. But Opera and Safari don't obey the rules at all.
-Original Message-
From: cjder...@gmail.com [mailto:cjder...@gmail.com] On Behalf Of chris
derham
Sent: 12 Oct 2011 23 22
To: Tomcat Users List
Subject: Re:
2011/10/12 André Warnier a...@ice-sa.com:
Hi.
[OT] How do you manage to send the text of your messages in
quoted-printable form ?
Richard W. Adams wrote:
My Tomcat Version: 6.0.18.0 (running under Jboss)
I'm trying to understand the script we use to deploy to our Tomcat server.
=
The
I have Apache (2.2.20) in front of a single Tomcat (6.0.32) instance
using mod_jk (1.2.31) with the AJP protocol.
I am getting errors like the sample below frequently (a few hundred
times a day). The server does not have a heavy load, it serves about
150 req/minute and average response time of
Correcting some information:
I am using Apache 2.2.13, mod_jk 1.2.30, Tomcat 6.0.32
On Thu, Oct 13, 2011 at 12:16 AM, Jorge Medina
cerebrotecnolog...@gmail.com wrote:
I have Apache (2.2.20) in front of a single Tomcat (6.0.32) instance
using mod_jk (1.2.31) with the AJP protocol.
I am getting
2011/10/12 Brian Burch br...@pingtoo.com:
OK, it now all makes some kind of sense. I've discovered that the Session
associated with the second webapp is never being associated with the SSO
instance created by the first webapp. However, the weird thing is that the
protected resources of the
and another piece of information: Tomcat and Apache are running in the
same machine.
On Thu, Oct 13, 2011 at 12:24 AM, Jorge Medina
cerebrotecnolog...@gmail.com wrote:
Correcting some information:
I am using Apache 2.2.13, mod_jk 1.2.30, Tomcat 6.0.32
On Thu, Oct 13, 2011 at 12:16 AM, Jorge
47 matches
Mail list logo