Hi,
Currently we use a filter and log4j's NDC to store details of the request
such as our identifier for the user and their Ip address. We then have a log
pattern which puts these details in the log. This way if we have any errors
we can easily associate them back to the origional request. This
Hi,
I want to implement discretionary access control in an app running in
Tomcat - i.e. access controls on URLs served by Tomcat can be changed by
users. I expect to have a 1M resources each with its own ACL. Some
resources have 'public' access. No authentication should be required to
On 02.09.2010 18:55, Pid wrote:
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process locally, without having to configure the
JMX ports because it injects the
On 03.09.2010 00:20, Paul Szynol wrote:
Hi, Chris,
Thanks for your response. I do get those requests, but it seems they
always generate standard user agent information, which I then store in
the associated session object. These session objects don't have any user
agent information--that's why
On 04/09/2010 11:05, Rainer Jung wrote:
On 02.09.2010 18:55, Pid wrote:
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process locally, without having to
On 04/09/2010 12:41, Pid wrote:
On 04/09/2010 11:05, Rainer Jung wrote:
On 02.09.2010 18:55, Pid wrote:
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process
From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
Subject: ThreadLocal and NIO
If I understand it correctly. If we change to use NIO for the
connectors it isn't thread per request any longer
No, the same thread still processes one request all the way through. However,
there is no
From: Brian McBride [mailto:bwm.topmea...@googlemail.com]
Subject: interaction between .forward() and security-constraint
I want to have no authorization constraint because some resources have
public access and no authentication is required for access to those
resources.
Declarative
I would look at a servlet filter to provide this sort of dynamic access
control. Map urls of your choosing to pass through this servlet filter, the
servlet filter could look up potentially changing list of access control
rules and route request to login page or whatever page you'd like if user is
2010/9/4 michel compu...@videotron.ca:
- Original Message - From: Ognjen Blagojevic
ognjen.d.blagoje...@gmail.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Friday, September 03, 2010 6:42 AM
Subject: Re: URL Rewrite
On 3.9.2010 12:02, michel wrote:
I have been using the
Hi Charles,
Thanks for the quick answer.
On 04/09/2010 15:20, Caldarale, Charles R wrote:
[...]
Declarative security is intentionally static;
Its not the declarative access control I want to use - I'd have liked to
be able to resuse the authentication code ...
t
[...]
This is very
Hi Jason,
Thanks for the response.
On 04/09/2010 15:27, Jason Britton wrote:
I would look at a servlet filter to provide this sort of dynamic access
control.
That's what I'm doing. The filter needs to know the user id - and I was
hoping to resuse Tomcat's authentication mechanism for that.
My application uses a JNDIRealm to provide authentication, which is
working fine. However within my application I now have need to query
the same LDAP server which the JNDIRealm is configured to connect.
Is there a way that I can either create a managed resource for LDAP
connectivity that I can
Brian McBride wrote:
...
Ok - now to figure out how to implement digest authentication ...
Digest authentication is not very popular, and rather a pain to implement
yourself.
The reason why it is not very popular is that it is a bit of a halfway solution : it does
avoid user passwords to be
On 04/09/2010 17:27, André Warnier wrote:
Digest authentication is not very popular, and rather a pain to
implement yourself.
The reason why it is not very popular is that it is a bit of a halfway
solution : it does avoid user passwords to be transmitted in clear over
the net, but it is not
far easier to implement than HTTPS
what can MIM access with just the session-id?
is this comparison DIGEST vs HTTPS documented
Martin
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten
Hi, I'm using Apache Bench (ab) to send 1,000 requests with a
concurrency of 500 to a simple servlet on Tomcat trunk (revision 992708,
2010-09-03) which uses request.startAsync() and
Executors.newFixedThreadPool(10) to do the work and return a few bytes
of response and
17 matches
Mail list logo