/multi-level-sub-context/servletname
as well as the above
http://www.domain.com/servletname
So: question is:
Can this be done ?
How is it configured ?
What are the respective context xml files named ?
Thanks
Maurice Yarrow
of the (apparently) unsolved threads in
the Spring users group, and appears to an issue only with the advent
of the # hash sign instead of the _ underscore sign formerly used
in earlier Tomcats (I am using 6.0.18).
Maurice Yarrow
Pid wrote:
On 04/11/2009 11:13, Maurice Yarrow wrote:
Hello Tomcat
as multilevelcontext.xml. What use case do
you have for such a thing?
--David
Maurice Yarrow wrote:
Hello Tomcat Users Grp and in particular, Pid and Konstantin Kolinko:
Thanks for your replies.
However, I evidently did not clearly state the problem I am having:
I can define the following context xml files
://www.domain.com/context/multi-level-subcontext)
Maurice
Caldarale, Charles R wrote:
From: Maurice Yarrow [mailto:maurice.yar...@comcast.net]
Subject: Re: Multi-level context starting at ROOT
My use-case is embedding meshcms inside my primary web app and
in a way that they can both share the same session
Eric Chow wrote:
Hello,
How can run Tomcat5.5 in Java6 ?
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
, double quote,
backslashes is required for this to be acceptable to the
serverl.xml XML readin ? (I tried a whole bunch of different
combinations but all error'ed out on startup.)
Maurice
Maurice Yarrow wrote:
Hello Tomcat community
I have tomcat (5.0.28) running behind pound (2.1.3
Rainer (and also, Martin)
Thanks, gentlemen.
Maurice
Rainer Jung wrote:
... for the quotes simply use the predefined xml entity:
quot;
Maurice Yarrow schrieb:
Hello, again, Tomcat community:
I found the answer to my own question below:
Use:
pattern=%{X-Forwarded-for}i %l %u %t
qualified.
Thanks again for helping me consider the options for
dealing with this kind of behavior.
Maurice Yarrow
Caldarale, Charles R wrote:
From: Maurice Yarrow [mailto:[EMAIL PROTECTED]
Subject: Re: Tomcat Security
BUT: the finest granularity for what can be accessed in this
mechanism
to this possibility. It was enlightening.
Maurice Yarrow
Christopher Schultz wrote:
Maurice,
Maurice Yarrow wrote:
So what I would like to know how to do is how to programmatically
bypass web.xml-based authorization and impose this authorization
on a access-case-by-case but take advantage
family only. This pw specific to these views)
private: (only you, the owner, have access - so only your
login permits you to see these views)
Presumably, most views are public, but this has to be the owner's
decision, no ?
Maurice Yarrow
Chris
Yes, the way my image server system (if I can call it such) works is
pretty much exactly what you are suggesting.
This issue, for me at least, is in the past-tense - i.e., already
working code.
And yes, as I say above, the model I devised is pretty much what you
suggested.
Maurice
Chris, Chuck
Yes, Chris: the below is the case exactly:
(Actually, galleries - and consequently their included
images and documents are authenticated, not specific images.)
So what I would like to know how to do is how to programmatically
bypass web.xml-based authorization and impose this
Chuck, Chris
(Pretty much) here are the rules:
The owner of a gallery can set its permission to public or passwd or
private. If passwd, the owner specifies (i.e., sets) a gallery-specific
password. The owner can change this anytime they like.
Additionally, owners must (of course)
., the visible URL
does not actually point to the file.
Any thoughts ?
Maurice Yarrow
Caldarale, Charles R wrote:
From: PraDz [mailto:[EMAIL PROTECTED]
Subject: Tomcat Security
How do i restrict users from entering the image/text files
path directly in the browser.
Instead of putting your
for Maurice: why are you trying to protect your images?
Do you want to stop people from ripping them off from your site?
It's not my call, but the customer's.
Maurice
Christopher Schultz wrote:
Chuck,
Caldarale, Charles R wrote:
From: Maurice Yarrow [mailto:[EMAIL PROTECTED]
Subject: Re: Tomcat
things can only make a
process slower, but apparency is important on the web.)
So the question really is:
Is apache fronting tomcat via mod_jk apparently fast ?
(to your taste and needs, of course).
Maurice Yarrow
Christopher Schultz wrote:
Barak,
we trying to connect Apache 2.2 to Tomcat
secured the apache and tomcat servers separately
up to but not including running in a chroot'd jail.)
Conclusion: I certainly hope others have less complicated requirements.
Maurice Yarrow
-
To start a new topic, e-mail: users
session ID persistence where it is permitted (across http page
transitions, across https page transitions, and across http-https page
transition)
Maurice Yarrow
Hassan Schroeder wrote:
On 9/25/06, Darren Hall [EMAIL PROTECTED] wrote:
... The client does not want to see urls
,
if required.
For this, I am also now considering fronting both tomcat and apache
with pound.
Unbelieveable, the lengths I will go to get what I want...
Maurice
Hassan Schroeder wrote:
On 9/25/06, Maurice Yarrow [EMAIL PROTECTED] wrote:
And, fronting with Apache 2.0, and using mod_proxy, I just
transition)
Maurice Yarrow
The loss of session is due to a combination of things, namely the fact that
I'm using mod_rewrite in order to add to and remove elements from the url
and the way that Tomcat binds sessions to a given context. I wanted to
filter out the app path information, so
Hello, again, Hassan
I'd like to ask a couple of questions about your
| tomcat
httpd -- mod_proxy_ajp === | tomcat
| tomcat
setup. And the reason that I'm
of
the security specification in J2EE).
Maurice Yarrow
Bob Hall wrote:
--- Darren Hall [EMAIL PROTECTED] wrote:
Peter,
You are correct. When hitting Tomcat directly, the
session remains intact.
When using mod_proxy to forward requests to Apache
the session is lost.
Is this a common issue? How can I
I can't, of course, tell you why you are not seeing persistent
session id's. However, I believe
the above shows that PERSISTENCE is normal for my webapp.
(Case of ye olde dangling participle, or something like that...)
Maurice
Maurice Yarrow wrote:
Hi Bob
I'm fronting tomcat 5.0.28
under which this occurred.)
Maurice Yarrow
Propes, Barry L wrote:
what about getRemoteHost()?
-Original Message-
From: Maurice Yarrow [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 5:30 PM
To: Tomcat Users List
Subject: Re: Session hijacking with Tomcat/Myfaces - unable to fix
ambiguity to use this approach, even as addt'l metric.
One could however assume validity of positives but ignore false
negatives, i.e., if IP in conflict with orig, assume man-in-middle
attack, but if IP agrees, must rely on other metrics to determine
possible jeopardy.
Maurice Yarrow
David Rees
/https.
Maurice Yarrow
Long wrote:
I can also imagine this company gives employees the go-a-head and
hijack each others session. It would also reward the idiot(s) that can
do it best with double pay...
Your imaginary company example doesn't really happen within a real
company, does it? Usually
. It is a decent product and provides
a good interface between the Java obj's and the beans.
You simply write your beans and your sql, run a tool of
theirs on this, and it creates a bean jar and configuration
file with the sql embedded in it.
Maurice Yarrow
Raju Balugu wrote:
As for my knowledge ,Tomcat
resources to a common set of
targets. Now that their attack tools have had connection-
refused after 5 attempts, their tool has struck my address
off their list as being non-fruitful. Just a conjecture, anyway.
Maurice Yarrow
Christopher Schultz wrote:
Simon,
Has anyone done anything
)
the specialized connectors such as mod_jk are about
1.5 times the speed of mod_proxy. This speed differential may
be a consequential performance factor for some, but for our needs,
the simplicity of mod_proxy usage is a major factor.
Maurice Yarrow
Greg Gamble wrote:
On Fri, Jul 21, 2006 at 05:48:17PM
.
Is 5.5.15 still available somewhere ?
Maurice Yarrow
Corey Kaiser wrote:
I suppose I meant SE Linux in my last question.
Sorry for the confusion.
-corey
-Original Message-
From: Corey Kaiser [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 19, 2006 10:27 AM
To: 'users@tomcat.apache.org
form upload) has detailed specs for
multipart upload
Maurice Yarrow
Franklin Phan wrote:
I have an old servlet that I need to recompile but cannot because it
references MultipartRequest class. The servlet imports the following
packages:
import java.io.*;
import java.sql.*;
import java.util
filter-nameImageRequestFilter/filter-name
servlet-namedefault/servlet-name
!--
servlet-nameorg.apache.catalina.servlets.DefaultServlet/servlet-name --
/filter-mapping
Is there some way to do this (without using a
RequestDispatcher.forward(...) ) ?
Maurice Yarrow
()
and forward() to but you need to see configure that in web.xml.
If you are renaming the servlet path - you can't call chain.doFilter()
and get the results you expect. YOu need to get a new RequestDistpatcher
for the location your rewriting to and perform a forward()
-Tim
Maurice Yarrow wrote
);
RequestDispatcher rd = request.getRequestDispatcher(request, response);
rd.forward(request, response);
} else {
filterChain.doFilter(request, response);
}
}
-Tim
Maurice Yarrow wrote:
Hello tomcat users
I have hesitated a while before sending up this question,
for the presumably obvious reason
don't really want to tinker too much
which this most basic core tomcat capability for security
reasons, I would rather resolve this in my web app.
So, actually, my simple question, really, is:
Does anyone who has done this kind of thing have any experiences
that they would care to share?
Maurice
35 matches
Mail list logo