clusterListener + globalNamingResource

2014-01-29 Thread Jürgen Jakobitsch
hi,

in my server.xml i have defined a Resource in the GlobalNamingResources
section.

in the same server.xml i have defined a Cluster along with my own
ClusterListener

now in the Constructor of my ClusterListener i would like to access the
Resource defined in the GlobalNamingResources section.

i have tried a couple of things with initialContext // lookup and
mBeanServer but cannot get my hands on the object.

latest from the logs is that the listener is constructed = before = the
resources from the globalNamingResources section get instantiated.

is, what i try possible at all?

any pointer into the right direction highly appreciated.

wkr turnguard


| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| web   : http://www.semantic-web.at/
| foaf  : http://company.semantic-web.at/person/juergen_jakobitsch
PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| g+: https://plus.google.com/111233759991616358206/posts
| skype : jakobitsch-punkt
| xmlns:tg  = http://www.turnguard.com/turnguard#;


403 jsp - display required roles

2011-12-29 Thread Jürgen Jakobitsch
hi,

i have a custom 403 error page.
on that page i'd like to display the securityConstraints that apply
to the requested resource.

example :

i have a securityConstraint in my web.xml that says that only users with role 
X
are allowed to view resource myPage.
when someone tries to access myPage without being in the role X, i'd like to
display Role X is required to view myPage

is there a way to access the security constraints defined in web.xml from within
a jsp?

any pointer really appreciated
wkr http://www.turnguard.com/turnguard


--
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



SSLSession invalidate

2011-09-06 Thread Jürgen Jakobitsch
hi, i'm pretty sure, this question
has been asked a thouthand times, but
i didn't find an answer :

how can access the SSLSession in a jsp or a servlet
to be able to invalidate it.

any pointer really appreciated

wkr www.turnguard.com/turnguard

--
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: SSLSession invalidate

2011-09-06 Thread Jürgen Jakobitsch
i should make myself clearer, i guess...

i'm trying to close a SSL connection, in case someone wants to use another 
certificate
for a webpage that uses client-cert as authentication method.

i know how to close a session, tanks. what i dont't know, how to invalidate a 
SSLSession.
apparently there is one, i can get it's id with 
request.getAttribute(javax.servlet.request.ssl_session)
and also apparently it is not enough to do session.invalidate(), why? because i 
have it in a logout.jsp
that redirects to my index.jsp. now if the SSL Connection would have been 
invalidated, i should be
asked to choose a certificate from my browser certs, which i'm not, after 
passing my logout.jsp
i'm still logged in, i even have a request.setHeader(connection, close) in 
my logout jsp, which
doesn't help either (i have read that the header thing might be interpreted 
more as guideline for the browser
and not necessarily close all connections).

in tomcat7 there's the possibility to use SSLSessionManager to invalidate 
SSLSession, so i'm doing a
wild guess, that something similar has to be possible with tomcat6 as well.


so the overall workflow would be

1. first hit of index.jsp
2. i'm asked to choose a browser cert
3. i log in with a browser cert
4. i hit the logout button, which makes an ajax request to logout.jsp
5. in logout.jsp i invalidate the normal HTTPSession and set the connection 
header to close

   = here some is missing to invalidate the SSLSession

6. in case of success of the logout-ajax request, i'm taken to index.jsp
   (now start over from point 1. again)
   only i'm not asked for a cert the second time, which is exactly what i want 
to achieve... and before you asked : i don't want to switch to tomcat7 for this
   but need it get done in tomcat-6.0.32

any help really appreciated
wkr turnguard



- Original Message -
From: baran topal jazziiil...@gmail.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Tuesday, September 6, 2011 10:57:17 PM
Subject: Re: SSLSession invalidate

Greetings from Stockholm, this is Baran Topal.

As i was drinking my Guiness, i find your question interesting :)

Here you go:

%
HttpSession s = request.getSession(false);
if (s != null) s.invalidate();
%

Inform me whether this is working or not :)

Regards.

On 6 sep 2011, at 22:09, Chema demablo...@gmail.com wrote:

 how can access the SSLSession in a jsp or a servlet
 to be able to invalidate it.

 Sorry, but

 is there any difference between to  invalidate a HTTP Session and a 
 SSLSession ?

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


--
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: SSLSession invalidate

2011-09-06 Thread Jürgen Jakobitsch
thanks mark,

if i understand you correct, it is simply NOT possible to invalidate
the SSLSession of which i can get the id with 
request.getAttribute(javax.servlet.request.ssl_session)
(it works with this key in 6.0.32)

wkr turnguard

- Original Message -
From: Mark Thomas ma...@apache.org
To: Tomcat Users List users@tomcat.apache.org
Sent: Wednesday, September 7, 2011 12:08:29 AM
Subject: Re: SSLSession invalidate

On 06/09/2011 22:42, Jürgen Jakobitsch wrote:
 apparently there is one, i can get it's id with 
 request.getAttribute(javax.servlet.request.ssl_session)

That is a Tomcat bug it should be javax.servlet.request.ssl_session_id

 in tomcat7 there's the possibility to use SSLSessionManager to invalidate 
 SSLSession, so i'm doing a
 wild guess, that something similar has to be possible with tomcat6 as well.

Your wild guess is wrong. That feature is in Tomcat 7 onwards.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


--
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



TomcatCluster data replication

2011-04-06 Thread Jürgen Jakobitsch
hi,

i'm in need of data replication in a tomcat-cluster.
i set up a tomcat cluster of three tomcats on a single machine with a apache 
(mod_jk) front that does the load balacing.
everything works absolutely charming for reading requests, my trouble start 
with data input.

what i'm trying to achieve is that if i submit data with a html form, the 
storage on all cluster members needs to be updated.
i'm using an openrdf's sesame triple store which locks it's data directory so i 
can't simply use a single shared directory
in my application.

what i have in mind, after first readings, is some sort of clustervalve that 
checks, if a request is a POST request and if
yes, sends this request (which updates the repository in the back) to all 
members of the cluster.

so here would be my questions :

1. is there a standard way of doing something like (which a not-clusterable 
data-backend)
2. is the thing with the clustervalve in fact the correct starting point

any help or pointer to the right direction greatly appreciated

wkr turnguard.com/turnguard

-- 
punkt. netServices
__
Jürgen Jakobitsch
Codeography

Lerchenfelder Gürtel 43 Top 5/2
A - 1160 Wien
Tel.: 01 / 897 41 22 - 29
Fax: 01 / 897 41 22 - 22

netServices http://www.punkt.at


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: TomcatCluster data replication

2011-04-06 Thread Jürgen Jakobitsch
hi, thanks for your input..

1. switching that backend is apparently not an option, i wouldn't have asked 
with respect to a non-clusterable data-backend
2. it wouldn't be that two request update one piece of data, but it would be 
that the first cluster member that receives 
   a POST request, posts that request also to other members, these then simply 
handle this POST request. Since every 
   application has it's own datadirectory every member would write into it's 
own datadirectory, that's why the requests
   need to be forwarded to all members of the cluster.
3. these three tomcats on one machine are for testing purposes only - real 
world would go on different physical machines.

image you have a simple text file in the WEB-INF directory of a webapp named 
ClusterApp. this ClusterApp is deployed 
on three tomcats in a cluster. now comes a POST request, that updates the text 
file (adds one line to it).
now of course i need to synchronize the text file on all tomcats in the cluster.

in my opinion there are only a few options to achieve this :
1. rsync the file, which is kind of hard, since i have a load balancer and 
don't know exactly which member answers the request, there are 
   to many insecurities
2. check all incoming requests for HTTP POST, if the request is a POST the send 
it simply to all members of the cluster.


honestly i can hardly imagine that i'm the first to come across this usecase...


any help really appreciated..
wkr turnguard.com/turnguard


- Original Message -
From: André Warnier a...@ice-sa.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Wednesday, April 6, 2011 9:43:02 PM
Subject: Re: TomcatCluster data replication

Jürgen Jakobitsch wrote:
 hi,
 
 i'm in need of data replication in a tomcat-cluster.
 i set up a tomcat cluster of three tomcats on a single machine with a apache 
 (mod_jk) front that does the load balacing.
 everything works absolutely charming for reading requests, my trouble start 
 with data input.
 
 what i'm trying to achieve is that if i submit data with a html form, the 
 storage on all cluster members needs to be updated.
 i'm using an openrdf's sesame triple store which locks it's data directory so 
 i can't simply use a single shared directory
 in my application.
 
 what i have in mind, after first readings, is some sort of clustervalve that 
 checks, if a request is a POST request and if
 yes, sends this request (which updates the repository in the back) to all 
 members of the cluster.
 
 so here would be my questions :
 
 1. is there a standard way of doing something like (which a not-clusterable 
 data-backend)

No.

 2. is the thing with the clustervalve in fact the correct starting point

Probably not.

 
 any help or pointer to the right direction greatly appreciated
 
I'm not saying that it would not be possible to do this.  And I have no idea 
what a 
openrdf's sesame triple store is.
But what you describe sounds more like something that should be handled at the 
level of 
the application which processes the POST.  It is the application which should 
arrange to 
update the nn back-end data stores at the same time.  Of course that introduces 
some 
interesting issues of locking and synchronisation, in case two 
quasi-simultaneous requests 
handled by two separate tomcats try to update the same piece of data in each of 
the 
datastores.

Now just by curiosity, what is the real-world point of this setup, considering 
that your 3 
tomcats are running on the same host ?
Why not have a single Tomcat with 3 times more resources, to handle all the 
requests ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-- 
punkt. netServices
__
Jürgen Jakobitsch
Codeography

Lerchenfelder Gürtel 43 Top 5/2
A - 1160 Wien
Tel.: 01 / 897 41 22 - 29
Fax: 01 / 897 41 22 - 22

netServices http://www.punkt.at


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org