John Caron wrote:
I have a _possible_ bug involving security in Tomcat 5.0.28. I don't see
it in the bug database, although it may be described in a way that I
didn't search for.
I would prefer to send it privately in case it's real. If that's not
feasible, I will post it here. Or is there a way
I have a _possible_ bug involving security in Tomcat 5.0.28. I don't see it in
the bug database, although it may be described in a way that I didn't search for.
I would prefer to send it privately in case it's real. If that's not feasible, I
will post it here. Or is there a way to put it in the
", "resolve";
};
and I can monitor my tomcat with jconsole. But this means I give the above
permissions to all jars & webapps on my tomcat. So guessed, giving these
permissions only to $JAVA_HOME jars (lib, lib/ext) and tomcat jars
(common,s
> From: Tracy Spratt [mailto:[EMAIL PROTECTED]
> Subject: Can the Tomcat authentication module use an ASP.NET
> security token?
>
> I have a Tomcat app (MM Flex app) that is called from an asp.net
> application which is secured by "forms" (cookie-based) authentic
I have a Tomcat app (MM Flex app) that is called from an asp.net
application which is secured by "forms" (cookie-based) authentication.
(NOT NTLM / Windows Integrated)
I don't want the user to have to log in again.
I have a programmatic solution in mind, but it is going to be
comparatively ugly.
.
If I run tomcat without security manager everything works well.
If I run tomcat with security manager, monitoring the tomcat mbeans works well
- but jconsole's memory view doesn't work!
Sun's doc says: "If your application runs a security manager, then additional
permissions are
I like to monitor my tomcat 5.5 (running on jdk 1.5.0) with jconsole.
If I run tomcat without security manager everything works well.
If I run tomcat with security manager, monitoring the tomcat mbeans works well
- but jconsole's memory view doesn't work!
Sun's doc says: "If your a
All:
Is it possible to start Tomcat w/ the security manager enabled if I were
to use the Tomcat Web Application Manager?
When trying a recently unpacked 5.5.11, started with -security, I get an
exception the first time I try to check the root index.jsp.
Anyone know what I am doing wrong?
Cheers,
-- Gunnar Brading
SEVERE: Servlet.service() for servlet org.apache.jsp.index_jsp threw
exception
The IBM platform has a unique capability to create a thread level
security environment.
I have an application requirement to do so.. I can invoke the necessary
function using JNI.
Someone has suggested to me that using the technique of a Custom Valve
would enable me to implement
the
I have this in my ${CATALINA_HOME}/webapps/ROOT/WEB-INF/web.xml:
FORM
qrm
/login/login.do?type=attempt
/login/login.do?type=error
and this in ${CATALINA_HOME}/conf/Catalina/localhost/ROOT.xml:
The database is up and contai
I am running tomcat on z/OS using JZOS.
I would like to create a thread security context thru jni using
pthread_security_np().
I have the following questions:
1) Does tomcat create a thread when it processes a client request ??
2) Can tomcat create a "session" where one thread pro
WAR file security settings.
I can confirm that you can't override these web.xml settings in server.xml
It should be simple enough in Ant to generate two .war files that only
differ by the web.xml file
Mark
Jim Henderson wrote:
> By the lack of response to my question, I take it that i
nment values?
Can someone confirm this or have I just missed something in the Tomcat
documentation?
Thanks
-Original Message-
From: Jim Henderson [mailto:[EMAIL PROTECTED]
Sent: Monday, August 22, 2005 3:13 PM
To: tomcat-user@jakarta.apache.org
Subject: Override WAR file security set
, 2005 3:13 PM
To: tomcat-user@jakarta.apache.org
Subject: Override WAR file security settings.
I am working on a web application that can be used in two ways at the same
time depending on its URL. The original WAR file has a web.xml that defines
tight security requiring form authentication with id
I am working on a web application that can be used in two ways at the same
time depending on its URL. The original WAR file has a web.xml that defines
tight security requiring form authentication with id and password.
In Tomcats server.xml I have two Contexts with different paths but to the
Okay great. I'll check the docs on that once I get the server side stuff
running right. Thanks for all the help.
Roberto
David Smith <[EMAIL PROTECTED]>
08/15/2005 10:59 AM
Please respond to
"Tomcat Users List"
To
Tomcat Users List
cc
Subject
Re: Security Quest
a real proxy server. Thanks.
>
>Roberto
>
>
>
>Hassan Schroeder <[EMAIL PROTECTED]>
>08/15/2005 10:30 AM
>Please respond to
>"Tomcat Users List"
>
>
>To
>Tomcat Users List
>cc
>
>Subject
>Re: Security Questions Regarding Tomcat
>
sers List"
To
Tomcat Users List
cc
Subject
Re: Security Questions Regarding Tomcat
Robert V. Coward/CTR/OSAGWI wrote:
> Understood. But I do not want to use Tomcat proxying services. I just want
> to host 8080 locally and let my ipfilter firewall block and proxy for
Robert V. Coward/CTR/OSAGWI wrote:
Understood. But I do not want to use Tomcat proxying services. I just want
to host 8080 locally and let my ipfilter firewall block and proxy for me.
Then the default Tomcat configuration of listening on port 8080 is
just what you need. I highly recommend makin
cc
Subject
Re: Security Questions Regarding Tomcat
Robert V. Coward/CTR/OSAGWI wrote:
> Hmmm. Well take a look at this entry from the server.xml file:
>
>
>
>
>
> I did not add this and from what I can tell this comes with the default
> config. An
Robert V. Coward/CTR/OSAGWI wrote:
Hmmm. Well take a look at this entry from the server.xml file:
I did not add this and from what I can tell this comes with the default
config. Any info?
About what? This is in the Fine Manual -- see the Connector
documentation under tomcat-d
ther folks ipnat.conf and
ipf.conf files if this is being done already. I'll do some more research
and keep the group apprised of my progress. Thanks.
Roberto
David Smith <[EMAIL PROTECTED]>
08/15/2005 08:29 AM
Please respond to
"Tomcat Users List"
To
Tomcat Users
>
>
>
>I did not add this and from what I can tell this comes with the default
>config. Any info?
>
>Roberto
>
>
>
>
>David Smith <[EMAIL PROTECTED]>
>08/12/2005 11:40 AM
>Please respond to
>"Tomcat Users List"
>
omcat Users List
cc
Subject
Re: Security Questions Regarding Tomcat
This sounds really fishy. Tomcat does not by default have any
connectors configured for port 80. There must be another service or
you've modified your server.xml somehow.
--David
Robert V. Coward/CTR/OSAGWI wrot
I have been setting up BASIC security realms to limit partial site access to
authorised users. The security/privacy is not too great, I just want to
stop casual browser access.
All works fine, with normal browser access causing the pop-up window
requesting user name and password.
However
OK, this is correct! Sorry, but I also think that we must
have a secretKey and a restricted IP list to register inside the cluster. I
want to implement this
inside the next release. But currently the cluster messages are not
crypted and when clients can connect
to your network you are in trouble. At secur
When using tomcat clusters on an untrusted subnet or using a routable
multicast address, I see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information. This doesn't
seem to be cured by any firewalling of incoming connections to the
valid servers, as, from
Leandro Meiners wrote:
Where can I find documentation regarding limiting HTTP methods using
security-constraints?
The Security section of the Servlet 2.4 Spec (SRV.12) has some good
examples -- highly recommended :-)
FWIW!
--
Hassan Schroeder - [EMAIL PROTECTED
Tim, list:
Where can I find documentation regarding limiting HTTP methods using
security-constraints?
All I was able to do was require authentication in order to use some HTTP
methods but I would like to limit them like it can be done with the
directive "Limit" in Apache.
I will also
Hello all,
I'm ready to pull my hair out getting the security constraint to work.
Basically, I need to forward all traffic except one directory to the https
port. I've got it to work if I use the url-pattern of "/*". However, when I
specify the patterns to accompli
to use ports under 1000.
>
>
> ...not in Linux and some (all?) Unix variants, anyway.
>
> (FWIW I think this root-only-below-1000 rule is an
> ill considered security kludge which has probably
> caused more trouble than it has circumvented)
>
> You could redirect port 443 to
work admin is giving me much grief about allowing port 8080 access to
>the web.
>
>Thanks
>
>
>
>
>
>Paul Singleton <[EMAIL PROTECTED]>
>08/12/2005 10:08 AM
>Please respond to
>"Tomcat Users List"
>
>
>To
>Tomcat Users List
>cc
>
n
>to use ports under 1000.
>
>Ralph B. Harrell
>UNC Charlotte
>Manager, Oracle Database Administration
>[EMAIL PROTECTED]
>(704) 687-2951
>-Original Message-
>From: Alon Belman [mailto:[EMAIL PROTECTED]
>Sent: Thursday, August 11, 2005 4:20 PM
>To: Tomcat U
Robert V. Coward/CTR/OSAGWI wrote:
Apparently T5 comes with a port 80 proxy server a special servlet
container or something. Basically I have ipfilter running and only allow
access to port 8080, but if you send a request to 80 Tomcat picks up and
does some sort of internal redirect to port 8
ready. Anyone have any ideas? My
network admin is giving me much grief about allowing port 8080 access to
the web.
Thanks
Paul Singleton <[EMAIL PROTECTED]>
08/12/2005 10:08 AM
Please respond to
"Tomcat Users List"
To
Tomcat Users List
cc
Alon Belman <[EMAIL PROTECTE
-below-1000 rule is an
ill considered security kludge which has probably
caused more trouble than it has circumvented)
You could redirect port 443 to 8443 (and 80 to 8080)
either in an external firewall/router or in iptables
within your server, then start Tomcat as e.g. tomcat
on its usual ports
-Original Message-
From: Alon Belman [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 4:20 PM
To: Tomcat Users List
Subject: Re: Security Questions Regarding Tomcat
copied "share" to meb/robo
laters!
On 8/11/05, LFM <[EMAIL PROTECTED]> wrote:
> Tim,
>
> Th
Funk wrote:
The Server header can be configured in the declaration.
server='Sun Solaris IIS/6.0'
To limit the HTTP methods this can be done a few ways;
1) Use a servlet filter
2) Use web.xml and security constraints on those method types
3) ???
-Tim
LFM wrote:
Hi!
I'm har
> Connection: close
>
> What am I doing wrong?
>
> Thanks!
>
> Leandro
>
>
>
> On Thu, 2005-08-11 at 15:56 -0400, Tim Funk wrote:
> > The Server header can be configured in the declaration.
> >
> > server='Sun Solaris IIS/6.0'
> >
on.
>
> server='Sun Solaris IIS/6.0'
>
> To limit the HTTP methods this can be done a few ways;
> 1) Use a servlet filter
> 2) Use web.xml and security constraints on those method types
> 3) ???
>
>
> -Tim
>
>
> LFM wrote:
> >
The Server header can be configured in the declaration.
server='Sun Solaris IIS/6.0'
To limit the HTTP methods this can be done a few ways;
1) Use a servlet filter
2) Use web.xml and security constraints on those method types
3) ???
-Tim
LFM wrote:
Hi!
I'm hardening a Web
Hi!
I'm hardening a Web Server running Tomcat for a client, but I'm having
difficulty in finding information on how to accomplish the following
tasks (bored of googling so I decided to ask here):
1. Remove/modify the banner presented by the coyote connector on the
server header of an http reply.
2
Hello all
I have a question, if you setup your own security in Tomcat by using your own
policy, is there any way to modify this policy during runtime, without
restarting tomcat itself? Is there any Java API you can use to modify the
security manager during run time?
Thanking you in advance
owsing again
-Original Message-
From: Ben Ricker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 09, 2005 3:33 PM
To: Tomcat Users List
Subject: Re: tomcat security
Yes. There is the catalina.policy file in the conf/ directory. See
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/securit
Yes. There is the catalina.policy file in the conf/ directory. See
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/security-manager-howto.html
for details.
Ben Ricker
On 8/9/05, Cengiz Yazgan <[EMAIL PROTECTED]> wrote:
> Hi everybody
>
> I have a problem about tomcat security
Hi everybody
I have a problem about tomcat security
One of my friends wrote a single code and he can travel every folder on
server
I wonder is there any config file for jakarta for disabling access instead
of his folder
Maybe you know on php there was a security settings on php.ini for
hi all,
we are having a problem with our Tomcat 5.5.9 cluster. We run 2 Tomcat
instances on physically different machines. For security we use normal
container managed security, configured in the web.xml. Session replication
works fine, and session id's are same across the two instances. We
maybe you must include web-app_2_3_2.dtd in your WEB-INF directory, and then
reload it ?
On 7/31/05, Ralf Schneider <[EMAIL PROTECTED]> wrote:
>
> On Tuesday, 19 July 2005 23:55, Ralf Schneider wrote:
> > Hi,
> >
> > I have some problems when turning the secu
On Tuesday, 19 July 2005 23:55, Ralf Schneider wrote:
> Hi,
>
> I have some problems when turning the security manager of Tomcat 5.5.9 on.
> When I load a JSP that has to be compiled after being changed I get a
> strange exception:
>
> ERROR [19.07.2005 23:30:45] (Appli
Simple solution: use SSL for all pages that have a session. AFAIK there's no
way to keep a session secure without it all being over SSL.
So the login process must be over SSL, and then everything until log-out should
be over SSL also (I'm making the assumption that you're only using sessions f
Hi All,
Cookie information goes to the server in a clear text I think. I don't
know it can be
configured to send as a cypher text.
When it goes in the network to browser, If not ssl enabled,
Cookie;Jsessionid;value can be seen through Ethereal and also copied, If
anybody tries with th
Hi All,
Forgive me if this question is answered elsewhere but I've had no joy so
far.
I have created a servlet that uses RMI to communicate with my application
server. This works great if I start Tomcat from the command line thus:
catalina run -security
However, I cannot find h
Hi,
I have some problems when turning the security manager of Tomcat 5.5.9 on.
When I load a JSP that has to be compiled after being changed I get a strange
exception:
ERROR [19.07.2005 23:30:45] (ApplicationDispatcher.java:704) -
Servlet.service() for servlet jsp threw exception
Thanks Mark. I agree, but they are the security people and I have to at least
try to comply. Do you think it would be feasible for us to change the
org.apache.catalina.authenticator.AuthenticatorBase for Tomcat 4.1.18 to change
the session ID post logging in? We'd obviously have to reco
Thanks a lot for your reply. We'll see if we can persuade our security guys to
drop this issue.
Kind regards,
Alex.
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Monday, 18 July 2005 2:50 AM
To: Tomcat Users List
Subject: Re: Tomcat security realms que
The short answers are:
1. No
2. No
The longer answer is:
This is categorically *not* a security issue with Tomcat. I have tested
this and Tomcat continues to operate correctly after a request with a
"very long" host header. This looks to me like an issue with your daemon.
And a fe
The problem you describe is true of any session tracking system running
over http. The solution is to use https.
However, here's a question to fire back at your security team:
"If you are worried about an attacker physically looking at a session ID
on a user's screen, what about
Hi all
I have a problem that's been raised by my security team to do with using
Tomcat JDBCRealms. We're using such realms to protect restricted resources. We
also have a custom login form. The steps Tomcat seems to follow when using such
a setup is:
1. Check to see if t
When using tomcat clusters on an untrusted subnet or using a routable
multicast address, I see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information. This doesn't
seem to be cured
by any firewalling of incoming connections to the valid servers, as,
from
Hi,
We are using Tomcat 4.0.4 in our product. We have a daemon which is a wrapper
around the tomcat.
We are facing one security issue with the Tomcat. If we send a HTTP packet with
a long string in the Host field, it closes the connection.
EX:
>>telnet
GET /index.html HTTP/1.
Sent: 04 July 2005 20:13
To: Tomcat Users List
Subject: Re: Webapp security by IP range
Cope, Jared wrote:
> I was wondering if it is possible to apply some webapp security that will
> kick in for connections made from a certain IP range, and will not kick in
> for another set of IP rang
Cope, Jared wrote:
I was wondering if it is possible to apply some webapp security that will
kick in for connections made from a certain IP range, and will not kick in
for another set of IP ranges.
How about:
- deploy the app twice under different contexts
- use a remote address filter valve
Hi,
I was wondering if it is possible to apply some webapp security that will
kick in for connections made from a certain IP range, and will not kick in
for another set of IP ranges.
The scenario is that I want users on our Intranet subnet to not have to
authenticate, but if users visit the site
Configuration
--
Tomcat 5.5.2
Windows XP
JDK 1.5
Requirement
--
I have a Security realm Authentication ready for a Web
Application linking to a Database. When the user sign
ups the form then he has to login into the application
through the signup form instead of directly
make sense.
If Tomcat is "bypassed" by Apache for static content, how should it
handle security for these requests.
Edao, Aliye wrote:
Hi,
Why don't you use Apache to protect your static contents??
You might want to use .htaccess ??
http://www.csoft.net/docs/micro/h
1:42 PM
Subject: Container Managed Security and mod_jk/Static Contents
Hello!
In order to improve performance for static contents I have setup Apache
with mod_jk. Now only Struts' *.do requests are served by Tomcat, the
rest is done by Apache. Works fine.
Now I want to restrict access to some
how do you authenticate ? basic ? form based ?
- Original Message -
From: "Torsten Römer" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Thursday, June 16, 2005 11:42 PM
Subject: Container Managed Security and mod_jk/Static Contents
> Hello!
>
>
: Torsten Römer [mailto:[EMAIL PROTECTED]
Sent: Friday, 17 June 2005 00:42
To: Tomcat Users List
Subject: Container Managed Security and mod_jk/Static Contents
Hello!
In order to improve performance for static contents I have setup Apache
with mod_jk. Now only Struts' *.do requests are serv
Hello!
In order to improve performance for static contents I have setup Apache
with mod_jk. Now only Struts' *.do requests are served by Tomcat, the
rest is done by Apache. Works fine.
Now I want to restrict access to some resources using container
managed security. That also works
environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content
or something, then of course update the security constraint to constrain
that new directory.
Actually, one other thing... the references to the login form and the
login error page in the element I believe are relative to
on you
login/error pages...
Øyvind
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: 15 June 2005 17:37
To: tomcat-user@jakarta.apache.org
Subject: RE: Help/Examples setting up security settings2
Although I don't think this is the source of your proble
know much about what I'm
> doing. That is a good idea. Didn't think it would matter much for such a
> simple test.
Not a problem, we all go through a learning phase :) I'm not sure it
would matter either frankly, but it seems like it might... if you
request environment.jsp, th
Let's try that again so that you can see it.
See my comments/questions below.
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 15, 2005 11:37 AM
To: tomcat-user@jakarta.apache.org
Subject: RE: Help/Examples setting up security settings2
Altho
See my comments/questions below.
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 15, 2005 11:37 AM
To: tomcat-user@jakarta.apache.org
Subject: RE: Help/Examples setting up security settings2
Although I don't think this is the source of
JSP files.
The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any
more) and the web.xml file in the WEB-INF subdirectory has been set up
to use the correct path. I also included the security-role element Frank
mentioned below.
The portion of web.xml looks like this:
http://java.sun.c
One other thing I see is you are missing security role definitions in
your web.xml. You'll want to add something like this:
spid_jsp
spid_jsp
The role-name element maps to the role you created in tomcat-users.xml,
and also maps to the security constraint's role-name
Gagnon, Joseph M (US SSA) wrote:
2. I have placed a WEB-INF directory under my test application
directory ([tomcat install dir]/webapps/ROOT/SPID_JSP) and put a web.xml
file in it. (SPID_JSP is where the JSP and HTML files reside.)
You will need to fix this before anything stands a chanc
) show me some
information about the environment.
OK, my understanding (as poor as that is) of this
authentication/security process is that based upon the setup just
described, if I try to access a page in my SPID_JSP area, I should be
presented with the login page. If I provide the correct user
na
Then, when they try to access the success page,
the request will be intercepted and the login page shown. If they enter
valid credentials, THEN the success page will be returned to them
automatically.
That part usually confuses people at first (I think it did me too for a
few minutes when I first d
OTECTED]
Sent: Monday, June 13, 2005 3:06 PM
To: Tomcat Users List
Cc: Tomcat Users List
Subject: Re: Help/Examples setting up security settings
Having just spent a couple of weeks integrating a new security framework
into an existing app, a framework that works in concert with J2EE
security, let me s
Hello,
In a section of my web.xml, I'd like to state that any
authenticated user is allowed to access, no matter his role. I searched the net
and found suggestions about using
*
or
any
but none seems to work, I am authenticated but I g
I am
happy to do so. :)
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Mon, June 13, 2005 3:45 pm, Caldarale, Charles R said:
>> From: Frank W. Zammetti [mailto:[EMAIL PROTECTED]
>> Subject: Re: Help/Examples setting up
> From: Frank W. Zammetti [mailto:[EMAIL PROTECTED]
> Subject: Re: Help/Examples setting up security settings
>
> Having just spent a couple of weeks integrating a new
> security framework into an existing app, a framework
> that works in concert with J2EE security, let me se
Having just spent a couple of weeks integrating a new security framework
into an existing app, a framework that works in concert with J2EE
security, let me see if I can help... Hang on, this is going to be a long
post!...
J2EE security (I *thimk* that's what it's called this week!) work
Hello,
Does anyone have any examples of how to set up my deployment descriptor
(web.xml in Tomcat 5.5.9) to do BASIC authentication (of any of the
other methods, for that matter)?
I've looked at various sources of information on the web (including some
of Sun's sites), but have not yet found good
Gagnon, Joseph M (US SSA) wrote:
Did I not say that I'm new to this?
I made no mention to whether or not I was trying to make it secure.
This is only meant to be used within my company's intranet and my
intention was to take the user account and then compare it with a set of
registered users in
Not if you are using mutually authenticated SSL.
On 6/10/05, Caldarale, Charles R <[EMAIL PROTECTED]> wrote:
> > From: Gagnon, Joseph M (US SSA)
> [mailto:[EMAIL PROTECTED]
> > Subject: Problem with security?
> >
> > I have a situation where I want to be able
can provide information on how to do this (keep in mind I'm
new at this), please let me know.
-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:59 AM
To: 'Tomcat Users List'
Subject: RE: Problem with security?
-
many different ways it can be done) to perform user authentication.
>
> If anyone can provide information on how to do this (keep in mind I'm
> new at this), please let me know.
>
> -Original Message-
> From: Robert Harper [mailto:[EMAIL PROTECTED]
> Sent: Friday,
9:19 AM
To: Tomcat Users List
Subject: RE: Problem with security?
Did I not say that I'm new to this?
I made no mention to whether or not I was trying to make it secure.
This is only meant to be used within my company's intranet and my
intention was to take the user account and then
new at this), please let me know.
-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:59 AM
To: 'Tomcat Users List'
Subject: RE: Problem with security?
I think you have missed the point that you cannot get user information
unless the
From: Gagnon, Joseph M (US SSA) [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 8:43 AM
To: Tomcat Users List
Subject: RE: Problem with security?
I believe I've covered that all in my original message. Read further.
-Original Message-
From: egan0019 [mailto:[EMAIL PROTECTE
I believe I've covered that all in my original message. Read further.
-Original Message-
From: egan0019 [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:10 AM
To: Tomcat Users List
Subject: Re: Problem with security?
Look into the ServletRequest interface. That inte
the request.getRemoteUser() method to ID the
> requesting user. When I do so, I keep getting null. After reading in
> the JSP and Java servlet specifications, I see that this call would
> return null if the user is not authenticated. Reading further, I get
> the impression that by
> From: Gagnon, Joseph M (US SSA)
> I have a situation where I want to be able to provide user
> access to an
> application by determining the identity of the requesting
> user, without
> them having to go through a login procedure.
OK. So what identity can the browser present that you wish to
> From: Gagnon, Joseph M (US SSA)
[mailto:[EMAIL PROTECTED]
> Subject: Problem with security?
>
> I have a situation where I want to be able to provide user access
> to an application by determining the identity of the requesting
> user, without them having to go through
1 - 100 of 1663 matches