clusterListener + globalNamingResource
hi, in my server.xml i have defined a Resource in the GlobalNamingResources section. in the same server.xml i have defined a Cluster along with my own ClusterListener now in the Constructor of my ClusterListener i would like to access the Resource defined in the GlobalNamingResources section. i have tried a couple of things with initialContext // lookup and mBeanServer but cannot get my hands on the object. latest from the logs is that the listener is constructed = before = the resources from the globalNamingResources section get instantiated. is, what i try possible at all? any pointer into the right direction highly appreciated. wkr turnguard | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | web : http://www.semantic-web.at/ | foaf : http://company.semantic-web.at/person/juergen_jakobitsch PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | g+: https://plus.google.com/111233759991616358206/posts | skype : jakobitsch-punkt | xmlns:tg = http://www.turnguard.com/turnguard#;
403 jsp - display required roles
hi, i have a custom 403 error page. on that page i'd like to display the securityConstraints that apply to the requested resource. example : i have a securityConstraint in my web.xml that says that only users with role X are allowed to view resource myPage. when someone tries to access myPage without being in the role X, i'd like to display Role X is required to view myPage is there a way to access the security constraints defined in web.xml from within a jsp? any pointer really appreciated wkr http://www.turnguard.com/turnguard -- | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | http://www.semantic-web.at/ PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | skype : jakobitsch-punkt - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
SSLSession invalidate
hi, i'm pretty sure, this question has been asked a thouthand times, but i didn't find an answer : how can access the SSLSession in a jsp or a servlet to be able to invalidate it. any pointer really appreciated wkr www.turnguard.com/turnguard -- | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | http://www.semantic-web.at/ PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | skype : jakobitsch-punkt - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSLSession invalidate
i should make myself clearer, i guess... i'm trying to close a SSL connection, in case someone wants to use another certificate for a webpage that uses client-cert as authentication method. i know how to close a session, tanks. what i dont't know, how to invalidate a SSLSession. apparently there is one, i can get it's id with request.getAttribute(javax.servlet.request.ssl_session) and also apparently it is not enough to do session.invalidate(), why? because i have it in a logout.jsp that redirects to my index.jsp. now if the SSL Connection would have been invalidated, i should be asked to choose a certificate from my browser certs, which i'm not, after passing my logout.jsp i'm still logged in, i even have a request.setHeader(connection, close) in my logout jsp, which doesn't help either (i have read that the header thing might be interpreted more as guideline for the browser and not necessarily close all connections). in tomcat7 there's the possibility to use SSLSessionManager to invalidate SSLSession, so i'm doing a wild guess, that something similar has to be possible with tomcat6 as well. so the overall workflow would be 1. first hit of index.jsp 2. i'm asked to choose a browser cert 3. i log in with a browser cert 4. i hit the logout button, which makes an ajax request to logout.jsp 5. in logout.jsp i invalidate the normal HTTPSession and set the connection header to close = here some is missing to invalidate the SSLSession 6. in case of success of the logout-ajax request, i'm taken to index.jsp (now start over from point 1. again) only i'm not asked for a cert the second time, which is exactly what i want to achieve... and before you asked : i don't want to switch to tomcat7 for this but need it get done in tomcat-6.0.32 any help really appreciated wkr turnguard - Original Message - From: baran topal jazziiil...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, September 6, 2011 10:57:17 PM Subject: Re: SSLSession invalidate Greetings from Stockholm, this is Baran Topal. As i was drinking my Guiness, i find your question interesting :) Here you go: % HttpSession s = request.getSession(false); if (s != null) s.invalidate(); % Inform me whether this is working or not :) Regards. On 6 sep 2011, at 22:09, Chema demablo...@gmail.com wrote: how can access the SSLSession in a jsp or a servlet to be able to invalidate it. Sorry, but is there any difference between to invalidate a HTTP Session and a SSLSession ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | http://www.semantic-web.at/ PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | skype : jakobitsch-punkt - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSLSession invalidate
thanks mark, if i understand you correct, it is simply NOT possible to invalidate the SSLSession of which i can get the id with request.getAttribute(javax.servlet.request.ssl_session) (it works with this key in 6.0.32) wkr turnguard - Original Message - From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, September 7, 2011 12:08:29 AM Subject: Re: SSLSession invalidate On 06/09/2011 22:42, Jürgen Jakobitsch wrote: apparently there is one, i can get it's id with request.getAttribute(javax.servlet.request.ssl_session) That is a Tomcat bug it should be javax.servlet.request.ssl_session_id in tomcat7 there's the possibility to use SSLSessionManager to invalidate SSLSession, so i'm doing a wild guess, that something similar has to be possible with tomcat6 as well. Your wild guess is wrong. That feature is in Tomcat 7 onwards. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | http://www.semantic-web.at/ PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | skype : jakobitsch-punkt - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
TomcatCluster data replication
hi, i'm in need of data replication in a tomcat-cluster. i set up a tomcat cluster of three tomcats on a single machine with a apache (mod_jk) front that does the load balacing. everything works absolutely charming for reading requests, my trouble start with data input. what i'm trying to achieve is that if i submit data with a html form, the storage on all cluster members needs to be updated. i'm using an openrdf's sesame triple store which locks it's data directory so i can't simply use a single shared directory in my application. what i have in mind, after first readings, is some sort of clustervalve that checks, if a request is a POST request and if yes, sends this request (which updates the repository in the back) to all members of the cluster. so here would be my questions : 1. is there a standard way of doing something like (which a not-clusterable data-backend) 2. is the thing with the clustervalve in fact the correct starting point any help or pointer to the right direction greatly appreciated wkr turnguard.com/turnguard -- punkt. netServices __ Jürgen Jakobitsch Codeography Lerchenfelder Gürtel 43 Top 5/2 A - 1160 Wien Tel.: 01 / 897 41 22 - 29 Fax: 01 / 897 41 22 - 22 netServices http://www.punkt.at - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCluster data replication
hi, thanks for your input.. 1. switching that backend is apparently not an option, i wouldn't have asked with respect to a non-clusterable data-backend 2. it wouldn't be that two request update one piece of data, but it would be that the first cluster member that receives a POST request, posts that request also to other members, these then simply handle this POST request. Since every application has it's own datadirectory every member would write into it's own datadirectory, that's why the requests need to be forwarded to all members of the cluster. 3. these three tomcats on one machine are for testing purposes only - real world would go on different physical machines. image you have a simple text file in the WEB-INF directory of a webapp named ClusterApp. this ClusterApp is deployed on three tomcats in a cluster. now comes a POST request, that updates the text file (adds one line to it). now of course i need to synchronize the text file on all tomcats in the cluster. in my opinion there are only a few options to achieve this : 1. rsync the file, which is kind of hard, since i have a load balancer and don't know exactly which member answers the request, there are to many insecurities 2. check all incoming requests for HTTP POST, if the request is a POST the send it simply to all members of the cluster. honestly i can hardly imagine that i'm the first to come across this usecase... any help really appreciated.. wkr turnguard.com/turnguard - Original Message - From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, April 6, 2011 9:43:02 PM Subject: Re: TomcatCluster data replication Jürgen Jakobitsch wrote: hi, i'm in need of data replication in a tomcat-cluster. i set up a tomcat cluster of three tomcats on a single machine with a apache (mod_jk) front that does the load balacing. everything works absolutely charming for reading requests, my trouble start with data input. what i'm trying to achieve is that if i submit data with a html form, the storage on all cluster members needs to be updated. i'm using an openrdf's sesame triple store which locks it's data directory so i can't simply use a single shared directory in my application. what i have in mind, after first readings, is some sort of clustervalve that checks, if a request is a POST request and if yes, sends this request (which updates the repository in the back) to all members of the cluster. so here would be my questions : 1. is there a standard way of doing something like (which a not-clusterable data-backend) No. 2. is the thing with the clustervalve in fact the correct starting point Probably not. any help or pointer to the right direction greatly appreciated I'm not saying that it would not be possible to do this. And I have no idea what a openrdf's sesame triple store is. But what you describe sounds more like something that should be handled at the level of the application which processes the POST. It is the application which should arrange to update the nn back-end data stores at the same time. Of course that introduces some interesting issues of locking and synchronisation, in case two quasi-simultaneous requests handled by two separate tomcats try to update the same piece of data in each of the datastores. Now just by curiosity, what is the real-world point of this setup, considering that your 3 tomcats are running on the same host ? Why not have a single Tomcat with 3 times more resources, to handle all the requests ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- punkt. netServices __ Jürgen Jakobitsch Codeography Lerchenfelder Gürtel 43 Top 5/2 A - 1160 Wien Tel.: 01 / 897 41 22 - 29 Fax: 01 / 897 41 22 - 22 netServices http://www.punkt.at - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
