Tomcat client certificate based authorization

Dear List! I need to restrict users to access different resources based on attributes of their client certificate. I found this tutorial which describes the basic idea: http://krishnasblog.com/2012/12/01/enabling-client-cert-based-authorization-on-tomcat/ Apart from not beeing able the get

seeking help with stabilizing the persistence of a JSESSIONID

Hi, I'm a committer for DSpace [1] (a Java servlet) and I'm working on a bug [2]. This bug presents with the following symptoms: 1) user searches site, finds an item of interest, attempts to access the item, but is not currently logged in, so is presented with a "please enter password"

Re: Tomcat 8 Session Timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 9/3/15 8:28 AM, theo.swe...@avios.com wrote: > Thanks Chris - that pointer is very helpful. > > Can you clarify by setting session-timeout to 0, implies after 60 > seconds the session will expire or does it imply the same as -1, > that

RE: seeking help with stabilizing the persistence of a JSESSIONID

Sorry, I should have mentioned this before: Running Tomcat 7.0.57, binary distribution downloaded from Apache, installed on Red Hat Enterprise Linux Server release 6.7 (Santiago). --Hardy From: Pottinger, Hardy J. Sent: Thursday, September 03, 2015

Re: Help with Tomcat Applications not listening

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Larry, On 9/2/15 4:53 PM, Cohen, Laurence wrote: > We only have one webserver and two tomcat applications on the back > end. Where do I set the connections allowed if we are using > mod_proxy_httpd? So you have a single Tomcat server and a single

Re: seeking help with stabilizing the persistence of a JSESSIONID

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Harry, On 9/3/15 11:12 AM, Pottinger, Hardy J. wrote: > Hi, I'm a committer for DSpace [1] (a Java servlet) and I'm working > on a bug [2]. This bug presents with the following symptoms: > > 1) user searches site, finds an item of interest,

RE: seeking help with stabilizing the persistence of a JSESSIONID

Hi, Chris, thanks for the quick reply! Right now I'm just grasping at straws. If I can prove the JSESSIONID remains the same, and the previous URL is still lost, I'll have definitive proof that the application code is somehow at fault. Right now I have this gray area where it looks (to

RE: seeking help with stabilizing the persistence of a JSESSIONID

> Are you actually using HTTP Basic authentication? You may be configuring > the wrong authenticator. (I know nothing about Shibboleth) I'm using Apache HTTPD as a front-end (via mod_proxy) for Tomcat, since Shibboleth works (mostly) with Apache HTTPD. So, the authentication happens on the

Re: seeking help with stabilizing the persistence of a JSESSIONID

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/3/15 12:52 PM, Pottinger, Hardy J. wrote: > Hi, I'm trying to disable session-fixation-attack protection on > our test server, and I've added the following valve to both my > application's context-fragment file, as well as the main >

RE: seeking help with stabilizing the persistence of a JSESSIONID

Hi, I'm trying to disable session-fixation-attack protection on our test server, and I've added the following valve to both my application's context-fragment file, as well as the main context.xml file: However, after several Tomcat restarts, I can still see the session cookie change after

Re: Tomcat client certificate based authorization

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Juls, On 9/3/15 9:41 AM, juls wrote: > I need to restrict users to access different resources based on > attributes of their client certificate. > > I found this tutorial which describes the basic idea: >

Re: seeking help with stabilizing the persistence of a JSESSIONID

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote: >> Are you actually using HTTP Basic authentication? You may be >> configuring the wrong authenticator. (I know nothing about >> Shibboleth) > > I'm using Apache HTTPD as a front-end (via

Grails war file not starting on Tomcat 7.0.64

Hi , I have a grails application war file, built in production mode. The Grails version I am using is 2.1.1 and I am building the war from command prompt. My OS is UBUNTU 12.0.4. The war is generated without errors . But when I am deploying it to Tomcat(7.0.64), the app is not starting. I am

Re: Grails war file not starting on Tomcat 7.0.64

On Thu, Sep 3, 2015 at 3:26 AM, Ashish Gupta wrote: > Hi , > > I have a grails application war file, built in production mode. The Grails > version I am using is 2.1.1 and I am building the war from command prompt. > My OS is UBUNTU 12.0.4. > > The war is generated

Re: Grails war file not starting on Tomcat 7.0.64

> Hi , > > I have a grails application war file, built in production mode. The Grails > version I am using is 2.1.1 and I am building the war from command prompt. > My OS is UBUNTU 12.0.4. > > The war is generated without errors . But when I am deploying it to > Tomcat(7.0.64), the app is not

Dynamically Create Subdomains - Tomcat 7x

Hi, I need some help, I need to create subdomains dynamically, Is this possible ? I have a site, www.mymainsite.com on this main site, I drop the zipcode and city cookie and then I forward it to front controller, and it's this front controller which will point it to city subdomain. Can we

Re: Tomcat 8 Session Timeout

Thanks Chris - that pointer is very helpful. Can you clarify by setting session-timeout to 0, implies after 60 seconds the session will expire or does it imply the same as -1, that sessions will not timeout? 0 Theo From: Christopher Schultz To:

Re: Grails war file not starting on Tomcat 7.0.64

On Thu, Sep 3, 2015 at 7:30 AM, Ashish Gupta wrote: > > Hi , > > > > I have a grails application war file, built in production mode. The > Grails > > version I am using is 2.1.1 and I am building the war from command > prompt. > > My OS is UBUNTU 12.0.4. > > > > The