Hi,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Tobias,
On 6/11/13 11:20 AM, Tobias Gierke wrote:
In my web app, I'd like to re-use the (server-wide) Tomcat Realm
that is already being used for HTTP Basic authentication but
couldn't find a way how to get hold of the actual Realm instance.
Hi Oliver,
I think I now understand your issue. I was faced with a similar problem and
could not figure out how to get the roles of an authenticated user through the
servlet API.
It seems to only allow the question 'request.isUserInRole(role)'. But does not
seem to provide a way to get a
Hi Chuck,
Tried the same on 6.0.37 its the same issue.
I am using JVM 1.6.0.39 and both my client and server are on separate linux
x86 machines.
The issue is with one of my client as it seems. HttpClient 3.1.
A code snippet from both my clients:
3.1
MultiThreadedHttpConnectionManager
Thanks for posting your results.
But I am thinking now that this may lead to a portability issue. Push to a
container other than Tomcat and 'org.apache.catalina.User' will not be
available on the classpath.
Also, during development you are forced to include catalina as a dependency to
Hi,
Thanks for posting your results.
But I am thinking now that this may lead to a portability issue. Push to a
container other than Tomcat and 'org.apache.catalina.User' will not be
available on the classpath.
Yes, this is a portability issue. But to be honest, changing (assuming a
I can confirm that the one liner patch fixes the problem for me as well.
Due to policies, I have problems to roll this into the productive
environment, so a release would be highly welcome even if this is the only
fix (so it seems to me).
Cheers
Martin
On Tue, Jun 11, 2013 at 6:42 AM, Rainer
Thanks for the detail.
As a final note and in case you are not already doing this, I have found the
scopeprovided/scope element in dependency/ useful under similar
circumstances when building a war. This prevents bundling of dependencies
provided by the container such as catalina, servlet,
Oliver Tanglin | SAIC
Software Appl. Engineer | C3 Systems and Analysis Division
Phone: 703-676-7449 | Mobile: 727-207-1037
tangl...@saic.com
-Original Message-
From: users-return-242256-OLIVER.TANGLIN=saic@tomcat.apache.org on behalf
of Jane Muse
Sent: Tue 6/11/2013 7:42 PM
To:
Getting FIPS mode turned on and running is, unfortunately, far more complex
than getting the libs, or even building them, and installing them.
You need to follow the directions for building the FIPS module here:
http://www.openssl.org/docs/fips/fipsnotes.html
-and-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jakob,
On 6/11/13 5:04 PM, Ja kub wrote:
requirement is system should be possible to process 160 req/sec
(200 is better to multiply) and system is kind of failover proxy
itself
there are 2 backing webservices, each can answer max 20s, it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Steve,
On 6/11/13 6:51 PM, Steve Nickels wrote:
I've been trying to compile tcnative on Windows with a
FIPS-compatible build of OpenSSL. I've been successful building
and running tcnative this way, at least until I turn on FIPS mode
on the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chirag,
On 6/12/13 1:01 AM, Chirag Dewan wrote:
I am facing an Out of Memory Issue with my application. I am using
Embedded Tomcat 6.0.18. I have a simple servlet deployed which
does nothing but set the HTTPResponse and return it.
Are you sure
On 06/11/2013 06:42 AM, Rainer Jung wrote:
On 11.06.2013 00:58, Martin Knoblauch wrote:
Any plans when 1.2.38 will be released?
Not really, but it is overdue. So IMO we should release it during the
next few weeks.
Yeah. There are few more reported bugs for updating status
which I'd like to
I don't know if this is the correct list but it seem to be the best one.
I'm trying to find evidence of whether tomcat 6.0.35 is vulnerable (and if so,
was it fixed and in which version?) to the issue identified in CVE-2007-6750?
The Apache HTTP Server 1.x and 2.x allows remote attackers to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Brandon,
On 6/12/13 11:33 AM, Brandon McCombs wrote:
I don't know if this is the correct list but it seem to be the
best one.
I'm trying to find evidence of whether tomcat 6.0.35 is vulnerable
(and if so, was it fixed and in which version?)
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, June 12, 2013 11:56 AM
To: Tomcat Users List
Subject: Re: is tomcat 6.0.35 vulnerable to CVE-2007-6750?
Brandon,
On 6/12/13 11:33 AM, Brandon McCombs wrote:
I don't know if this is the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Brandon,
On 6/12/13 12:33 PM, Brandon McCombs wrote:
So it seems that although there is a chance of Tomcat being
vulnerable [to Slowloris] it isn't a sufficiently large risk to
warrant being addressed and is in fact categorized as a low risk.
Thanks much. Problem was solved by removing an old catalina.jar for WEB-INF/lib.
JMuse
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, June 11, 2013 7:38 PM
To: Tomcat Users List
Subject: RE: Class cast exception when starting tomcat
From: Jane Muse [mailto:jm...@rocketsoftware.com]
Subject: RE: Class cast exception when starting tomcat 7.0.1
Problem was solved by removing an old catalina.jar for WEB-INF/lib.
The fact that you had a Tomcat-supplied jar in WEB-INF/lib is even scarier than
using a three-year-old
I'm fairly confident that the OpenSSL library I'm using is valid and
uncorrupted (I've used a couple different copies: an existing set of
binaries being used successfully in another product internally, and a
newly built version which I have successfully used the openssl utility
against,
Hi Chris,
On 6/11/13 1:05 AM, ruxing bao wrote:
Sorry,I can't get any more of the stack trace.
We wrapped zookeepr client as a spring bean and invoked method
close of zookeeper in destory-method of bean,in that method
close,zookeeper Send Thread was closed. When tomcat was shut
Hi Chris,
A little more digging in and I found out that only with SSL,tomcat is creating
a large number of sessions. I can see in the logs for HTTP:
INFO: SessionListener: sessionDestroyed('2E8DE01EE3F0D166FEFC8A45353CD9ED')
Now,in case of HTTPS I see a large number of such logs. So I believe
22 matches
Mail list logo