RE: Cache-Control headers not being added to secure requests
Thank you for the explanation.
However, I'm still confused about
> - {request.isSecure()} means that the headers are only added if the request
> is not secure since responses from secure requests must not be cached
I don't see anything regarding secure requests in RFC2616
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.4
or RFC2818
http://www.ietf.org/rfc/rfc2818.txt
Also, since the code in question is limiting the cacheability of the response,
what is the downside of sending the no-cache header on secure requests?
I ask because we're seeing problems with IE8 caching these responses where it
previously did not when the headers were being automatically appended.
While it may be a client problem, it seems like the change that was removed was
made to work around a similar client problem.
Thanks,
Michael
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, August 17, 2011 12:34 AM
To: Tomcat Users List
Subject: Re: Cache-Control headers not being added to secure requests
On 16/08/2011 22:20, Zampani, Michael wrote:
> It was my understanding that the fix for IE was just the
> securePagesWithPragma change, which changes cache-control:no-cache to
> cache-control:private by default.
> According to the bug report, this should fix IE downloads even for secure
> requests.
> The problem is, this entire block is now ignored for secure requests, which
> results in no headers at all.
> Have I misunderstood something?
The current behaviour is as intended. The cache control headers are only added
when necessary. Working through each component of that if statement:
- {constraints != null} means that this test is only made if the requested
resource is protected by one or more security constraints (unprotected
resources may be cached, protected resources may not)
- {disableProxyCaching} checks to see if this feature is enabled (it is by
default). As per the docs, disabling this feature will trigger a security
problem
- {request.isSecure()} means that the headers are only added if the request is
not secure since responses from secure requests must not be cached
- {!"POST".equalsIgnoreCase(request.getMethod())} means that the headers are
only added if the request is not a POST since responses to POST requests must
not be cached
If you have a client or proxy that is caching responses for secure requests
then I would say that this is a client problem.
If you need those headers for some other reason (can't think what) a simple
filter that adds them for secure requests should only take a few minutes to
write.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Moving init params from web.xml to context.xml
Our apps are currently deployed using a minimal context.xml file (pointer to doc-base only), with all the other information contained in the web.xml and some properties files. What I'd like to do is move as much of the customizable values out of the web.xml file and into the context.xml file to make upgrades a bit easier. Specifically, I want to move the properties files to a location that won't get overridden when new war files are deployed. Our current web.xml file is structured: LOG4J_PROPS /WEB-INF/Log4j.properties SERVA SERVA Controlling servlet for A com.mycompany.webapp.serva SERVA_PROPS /WEB-INF/SERVA.properties 1 SERVB SERVB Controlling servlet for B com.mycompany.webapp.servb SERVB_PROPS /WEB-INF/SERVB.properties 1 I know from the docs that I can save move the LOG4J_PROPS to the context.xml as it is defined as a . However, can I move the 2 servlet props to the context.xml file also? If so, is it the same as the log4j, or do I need to do something different? Lastly, can the setting be located outside of the web.xml file? We customer with different requirements for this value (some misguided), and would like to make it easy for them to set it without having to update it with every deployment. Jeff __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system.
deployment issue
Hi All, I have an issue with Tomcat6.0.32(64bit), when i am trying to deploy my web services using windows services, services is starting successfully but my dependency files is referring to default directory i.e. c:\windows\system32 folder so that my web services is not running. My concern is how to set my dependencies to the current directory(server installed folder), not to c:\windows\system32.please kindly help, it would be appreciated . Thanks Krishna p -- "With great power comes great responsibility" - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 5.5.28 on 64 bit windows server 2008.
> -Original Message- > From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Sent: Monday, August 22, 2011 9:08 AM > To: 'Tomcat Users List' > Subject: RE: Tomcat 5.5.28 on 64 bit windows server 2008. > > This is a known issue with the APR library, though I don't know if a > bug has ever been entered for it. The APR connectors will only bind to > IPv6-any by default. If you search the list, you will see that it has > been a problem for about a year, and, I think, only affects the > implementation on Windows systems. Therefore, the underlying issue may > be a Windows one. > Allow me to clear that up: 1) If no "address=" parameter is given in the when running under Windows 2008/Vista/7, then the APR will only bind to the IPv6 "any" address of [::] for the specified port. 2) If you need IPv4 support under APR, you will need to either specify the "address=0.0.0.0" parameter to get the IPv4 "any" address, or specify the actual IP address to listen on. 3) If you need to support both IPv4 & IPv6, you will need to set up two connectors, one for each protocol. 4) This only applies if you are using the APR/native libraries. This was originally discussed on this list in May of 2010, and I think this was determined to be due to Microsoft deciding to implement two protocol stacks, but no one was exactly sure. Also, this only applies to APR/native version 1.1.12 and later, but I doubt anyone really wants to use the earlier versions any more. __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: OT: help with concurrency issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alexis,
On 8/21/2011 10:16 AM, alexis wrote:
> public class Queue {
>
> private static org.apache.log4j.Logger log =
> Logger.getLogger(Queue.class); private Command command; private
> boolean valueSet = false;
So, a single-item queue? I think that has a different name...
> public synchronized void put(Command c) { if (valueSet) {
As Felix suggested, while() is usually better than if() in these cases.
> try { wait(); } catch (InterruptedException ie) { } } this.command
> = c;
>
> log.info("put : "+c.getCommand()); valueSet = true; notify(); }
>
> public synchronized Command get() { if (!valueSet) { try { wait();
> } catch (InterruptedException ie) { } } valueSet = false;
> notify();
Why notify() here?
> log.info("get : "+this.command.getCommand()); return command;
What about setting "command" to null? That seems to be more in-line
with the expected operation of this class. You can also use the
null-ness of the "command" as your check instead of having the
"valueSet" member (unless you want to be able to store nulls in your
"queue").
Finally... why implement your own queue? Java comes with
java.util.BlockingQueue which should probably meet your needs.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5ScngACgkQ9CaO5/Lv0PA6nwCgvKvoe/vQaIXoTX9NN3ezOsPg
I9AAoJirNl8Qz7MaGFbHTwjQ2zlrVn4i
=XExe
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 + VirtualHost
Dear All, Thank you for your tips and suggestions. I've convinced my developers, that rewriting application will be better. Currently they are working on that, so reported issue not exists anymore. Thanks again for your time. Best Regards -- Piotr Pawlowski On 22 August 2011 16:14, André Warnier wrote: > Piotr Pawlowski wrote: > >> Dear All, >> >> Making my application as ROOT app won't solve the problem because I will >> have application running under example.com , not example.com/myApp. A lot >> of >> hyperlinks are hard-coded in it. >> > > That is a very bad design, which will cost you a lot of lost time in the > future. > > > Changing this will costs my developers > >> around 4hours of coding and testing which we currently don't have. >> > > But it will cost you much, much more in the future, when you have even more > pages like that. > > Your current issue is a perfect example : just trying to change the initial > URL leading to your application, on the same server, is already complicated. > > Now think what it would cost to install it on another system which already > uses the name "myApp". Or that you need to give a copy to a graphic > designer, to improve the looks. > Or to run this behind a proxy or load-balancer. > > Spend the 4 hours now, and you will thank yourself many times in the > future. > > > --**--**- > To unsubscribe, e-mail: > users-unsubscribe@tomcat.**apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat 7 + VirtualHost
Piotr Pawlowski wrote: Dear All, Making my application as ROOT app won't solve the problem because I will have application running under example.com , not example.com/myApp. A lot of hyperlinks are hard-coded in it. That is a very bad design, which will cost you a lot of lost time in the future. Changing this will costs my developers around 4hours of coding and testing which we currently don't have. But it will cost you much, much more in the future, when you have even more pages like that. Your current issue is a perfect example : just trying to change the initial URL leading to your application, on the same server, is already complicated. Now think what it would cost to install it on another system which already uses the name "myApp". Or that you need to give a copy to a graphic designer, to improve the looks. Or to run this behind a proxy or load-balancer. Spend the 4 hours now, and you will thank yourself many times in the future. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 5.5.28 on 64 bit windows server 2008.
This is a known issue with the APR library, though I don't know if a bug has ever been entered for it. The APR connectors will only bind to IPv6-any by default. If you search the list, you will see that it has been a problem for about a year, and, I think, only affects the implementation on Windows systems. Therefore, the underlying issue may be a Windows one. > -Original Message- > From: Stefan Mayr [mailto:ste...@mayr-stefan.de] > Sent: Sunday, August 21, 2011 10:16 AM > To: Tomcat Users List > Subject: Re: Tomcat 5.5.28 on 64 bit windows server 2008. > > Hello, > > Am 21.08.2011 15:01, schrieb Venkata Surapaneni: > > Verlag, > > > > Both the suggestions worked and We are going to add address > line to the server.xml file. > > > > Is the support for IP 4 dropped by plan or by accident ? If it is by > plan, isn't it early ? There are still lot of applications running on > IP 4 and it will be while before every one is ready for IP 6. > > > > If it is by accident, I believe the versions from 5.5.29 have this > issue. > > I guess this is not a Tomcat issue. In your server.xml you habe the > org.apache.catalina.core.AprLifecycleListener enabled which uses the > dll > named by Eurotrans-Verlag. It should be enough to remove this line from > your config to disable native APR. Another solution might be to keep > your old Tomcat version and update only the binaries für your operating > system. Maybe your dlls are not meant for 64bit Windows. See > http://tomcat.apache.org/download-native.cgi. > > For further JVM IPv6 documentation check first > http://download.oracle.com/javase/6/docs/technotes/guides/net/ipv6_guid > e/index.html > Especially java.net.preferIPv4Stack is interesting to enforce a certain > protocol behaviour. > > Stefan > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 + VirtualHost
On 22/08/2011 13:15, Piotr Pawlowski wrote: > A lot of hyperlinks are hard-coded in it. That can't possibly go wrong... p signature.asc Description: OpenPGP digital signature
Re: Tomcat 7 + VirtualHost
2011/8/22 Piotr Pawlowski : > Maybe I didn't describe it clearly - I need some kind of redirection from > example.com to example.com/myApp . ROOT/index.jsp: [[[ <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> ]]] + add standard taglib to the ROOT webapp http://tomcat.apache.org/taglibs/standard/ or call response.sendRedirect() directly. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 + VirtualHost
Dear All, Making my application as ROOT app won't solve the problem because I will have application running under example.com , not example.com/myApp. A lot of hyperlinks are hard-coded in it. Changing this will costs my developers around 4hours of coding and testing which we currently don't have. That is why I woul prefer changing Tomcat configuration rather than rewriting application. Maybe I didn't describe it clearly - I need some kind of redirection from example.com to example.com/myApp . Best Regards -- Piotr Pawlowski
Re: Tomcat 7 + VirtualHost
On 22/08/2011 11:51, Piotr Pawlowski wrote: > Dear All, > > I have following issue: > I have domain, example.com. My application is running under > http://example.com/myApp . Unfortunately every time I need to enter full url > to access my application (example.com/myApp). Is it possible to configure > tomcat in such way, that my application will start always when I enter only > domain name (example.com) ? > Thank you in advance for any tip or clue. Make it the ROOT* application. See the Tomcat docs for more details. http://tomcat.apache.org/ p * Note the uppercase - it matters. signature.asc Description: OpenPGP digital signature
Tomcat 7 + VirtualHost
Dear All, I have following issue: I have domain, example.com. My application is running under http://example.com/myApp . Unfortunately every time I need to enter full url to access my application (example.com/myApp). Is it possible to configure tomcat in such way, that my application will start always when I enter only domain name (example.com) ? Thank you in advance for any tip or clue. Best Regards -- Piotr Pawlowski
