how to over come toomanyconnection error when communicatingMYSQL

2006-08-10 Thread prakash shanmugam
Hi all, I have one major issue in my project. My project is developed using JSP and servlets in Tomcat5 with MySQL as the database. I am using a type1 driver. My project is now used by end users on the intranet. When multiple users are accessing it at the same time, it's throwing a too many connections exception a

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Darryl Miles
Maurice Yarrow wrote: Thanks for adding this thought. As per my previous note on this subject, in light of your (relative) confidence in using IP, maybe I _should_ reconsider the getRemoteAddr() and simply use it as an addt'l advisory for making session auth decision on successive pages as the

RE: one tomcat multiple users

2006-08-10 Thread Richard Mixon
You cannot give them their own version of server.xml - unless they each run their own complete copy of Tomcat, which you probably do not wish to do. What might work instead is to give them either their own virtual host, with their own webapps directory ... Or maybe using Tomcat 5.5.x given them ea

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Darryl Miles
Tomas Hulek wrote: Unfortunately, filters are skipped (ie. not called at all) when form-based login page is processed as a result of client requesting a secure area. We tried that too... By the way, the original URL that the client requested is hidden in the session in a way which prevents the

Tomcat container cluster monitoring under Geronimo

2006-08-10 Thread Russell E Glaue
When implementing a tomcat cluster, we can monitor the cluster via JMX. So, if we implement tomcat clustering under the Geronimo hood, what JMX components are available as GBeans to allow us to monitor the tomcat cluster running with Geronimo? Have all the necessary JMX components been made avail

one tomcat multiple users

2006-08-10 Thread Pratap Parne
Here is the situation. There would be one Tomcat running on a server. Multiple users log into the server. Each user should be able to start the Tomcat and shut it down without interfering with others. They would have their own version of server.xml. So they log into the server using telnet, start the tomcat ru

Re: getRealPath and war file

2006-08-10 Thread Romain Quilici
Sorry, in my previous message, I did not mean the working dir but the temp dir(obtained with javax.servlet.context.tempdir). Romain Mark Thomas wrote: Romain Quilici wrote: Hello Dies, the working directory would be fine, but my images need to be accessible via a url(which is not the case i

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Marc Richards
Supposing that your secure area is using a constantly different URL path than your non-secure pages you could create a filter to modify the default path for the jsessionid cookie to be valid only for non-secure pages. For example, if your non-secure site is at http://mysite.com/public/... and you

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Maurice Yarrow
Long: Thanks for adding this thought. As per my previous note on this subject, in light of your (relative) confidence in using IP, maybe I _should_ reconsider the getRemoteAddr() and simply use it as an addt'l advisory for making session auth decision on successive pages as they transit http/h

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Maurice Yarrow
Hello David, Tomas: About two months ago, I tried using the getRemoteAddr() for doing IP check as an additional auth metric, but found exactly that on local net, this did not discriminate in many cases and only a single IP was returned for hosts on LAN. So I decided that there was too much ambigu

Re: JDBCRealm with Simple Servlet Filter

2006-08-10 Thread Dhiraj Ramakrishnan
Hi , Thanks for the replies, really appreciate that. I am using BASIC because i am authenticating webservice calls. I already have FORM for a sister application which provides web based access. I want to log authentication failures. Is the only option i have is overwrite

Re: Can I change the default context of the manager application?

2006-08-10 Thread David Smith
Just change the name of the context xml file from manager.xml to MyManager.xml. Restart tomcat and the context name of the manager webapp will follow. Tomcat 5.5 made a change that nearly obsoletes the path attribute altogether, taking the name of the context xml file as the path. --David

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Long
I can also imagine this company gives employees the go-ahead and hijack each other's session. It would also reward the idiot(s) that can do it best with double pay... Your imaginary company example doesn't really happen within a real company, does it? Usually there are codes of conduct and policie

Re: solution to this scenario

2006-08-10 Thread Martin Gainty
This is from the javax.servlet.Servlet class (service method) documentation- "Servlets typically run inside multithreaded servlet containers that can handle multiple requests concurrently. Developers must be aware to synchronize access to any shared resources such as files, network connections,

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread David Rees
I wonder if associating (and checking) the request IP with the session would reduce the problem to some acceptable level. What is the chance of a session being hijacked from the same network (face-ip)? Another question is can the original request IP be spoofed? In this case the chances are rela

Using Tomcat's internal bean server.

2006-08-10 Thread Robert Harper
I’ve tried this before so let me rephrase this.   I am using Tomcat to perform the authentication and I have an app that is adding new users to the tomcat-users database just fine. The problem is that I’d like to get the role and group attributes back. I would rather not keep the informat

RE: solution to this scenario

2006-08-10 Thread Pratap Parne
But i can have only one instance of tomcat in memory. --- "Sharma, Siddharth" <[EMAIL PROTECTED]> wrote: > ftp? You mean telnet or rsh or ssh or something > right? > > Anyhow, create a different instance of tomcat for > each user: > > Recursively copy the following directories from > CATALINA_H

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Tomas Hulek
In this case the chances are relatively high - imagine a company using a proxy to connect to the Internet. The client IP does not change, and someone in the company sniffing can easily hijack sessions from his/her colleagues. Tomas

Re: Initializing session in a Filter

2006-08-10 Thread Mohsen Saboorian
Better to change my question: When is a session associated with a client created? Hi, I have a filter (for /*) in which I'm caching something in the session. Here is a piece of code: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) { HttpServle

RE: solution to this scenario

2006-08-10 Thread Sharma, Siddharth
ftp? You mean telnet or rsh or ssh or something right? Anyhow, create a different instance of tomcat for each user: Recursively copy the following directories from CATALINA_HOME to a new location (say /usr/tomcat/instance_n) to create a new instance: webapps temp shared conf logs Then change the

Can I change the default context of the manager application?

2006-08-10 Thread Timothy.M.Long
In Tomcat 5.0.x, it was possible to change the default context of the manager application by modifying the path attribute of context element, in the $CATALINA/conf/Catalina/localhost/manager.xml file, from "/manager" to something else. Then you could access the manager application via http://127

solution to this scenario

2006-08-10 Thread Pratap Parne
Can anyone tell me how do I implement this using Tomcat? Tomcat would be running on a server. A user would log into the server using ftp and he has his own version of server.xml. He somehow starts the Tomcat, runs his application and shuts it down. When another user logs into the server he should be ha

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Long
I wonder if associating (and checking) the request IP with the session would reduce the problem to some acceptable level. What is the chance of a session being hijacked from the same network (face-ip)? Another question is can the original request IP be spoofed? Long - Original Message -

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Tomas Hulek
Unfortunately, filters are skipped (ie. not called at all) when form-based login page is processed as a result of client requesting a secure area. We tried that too... By the way, the original URL that the client requested is hidden in the session in a way which prevents the web app from copying

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Tomas Hulek
We have tried it, but the internal session attributes where Tomcat stores the original request are hidden to application, and are certainly not accessible to javax.servlet.* API (and we do try to write PORTABLE application, relying on the specification and not on the internals of one particular se

Help in Tomcat's logs

2006-08-10 Thread Viviana Charry López
Hi all, I have a sun server with these specifications: Server Information Tomcat Version JVM Version JVM Vendor OS Name OS Version OS Architecture Apache Tomcat/4.1.31 1.4.1_02a-b01 Sun Microsystems Inc. SunOS 5.9 sparc And the logs dir has all users’ permissions. Tomcat

Context Timeout???

2006-08-10 Thread Francesco Marelli
Hello, my application runs on Tomcat 4.1.18 and I have implemented a context listener for it implementing the ServletContextListener interface. The contextDestroyed method runs after 30 minutes of inactivity. Why? I would have thought that the contextDestroyed method would run only at Context or

Tomcat 5.5 Cannot create PoolableConnectionFactory

2006-08-10 Thread jcbf
After successfully connecting to the databases through JDBC drivers over a proxool pool, I tried to configure JNDI datasources so that my dbforms webapp could cleanly call and implement connections through the JNDI space. In tomcat 5.5 the web context file looks like : … … I have two more DBs

SOLVED: Re: Modifying saved URL from j_security_check

2006-08-10 Thread Gregor Schneider
Mark, I don't know what it was, however, I've got it working now. The Exception thrown in my version of FormAuthenticator is thrown now YESSS!!! My best guess is that I mixed up some directories when building the jar containing my Authenticator-classes, anyways, subclassing FormAuthenticator and

Re: Modifying saved URL from j_security_check

2006-08-10 Thread Gregor Schneider
Hi Mark, currently it's pretty busy here, therefore I couldn't try your suggestion yet. However, what I've tried so far is: I've subclassed *all* Authenticators from org.apache.catalina.authenticator(Digest, Form and SSL) since I thought that maybe some other Authenticator is being triggered si

Re: JDBCReal drivers

2006-08-10 Thread Filip Hanik - Dev Lists
common/lib Zohar wrote: When using JDBCRealm, where should I put my driver jars?

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Darryl Miles
Well, HTTP Cookies have a solution to this problem. They have a "Secure" keyword in the Set-Cookie line. This stops the client leaking the cookie outside of a secure channel. The problem is I don't think Tomcat keeps track and flags if a session has been exposed via a non-secure channel or

Re: JDBCRealm with Simple Servlet Filter

2006-08-10 Thread David Smith
A little googling confirmed my earlier suspicion. The 401 response contains the error page. This is why you can't redirect a 401 error like a 404 or other error responses. -David Pid wrote: If you're using a JDBC realm then you are using Tomcats authentication, which operates at a higher l

Re: getRealPath and war file

2006-08-10 Thread Dies Koper
> Push a url to a servlet which then serves the images from the working > directory? In which you could also set the headers (images are temporary, so maybe set Cache-Control, Expires?). Regards, Dies Mark Thomas wrote: Romain Quilici wrote: Hello Dies, the working directory would be fine,

JDBCReal drivers

2006-08-10 Thread Zohar
When using JDBCRealm, where should I put my driver jars?

Re: JDBCRealm with Simple Servlet Filter

2006-08-10 Thread Pid
If you're using a JDBC realm then you are using Tomcats authentication, which operates at a higher level than Filters and Servlets, so you can't insert anything into the chain there. With Basic Auth, the browser does the submission of credentials, based on the error codes that the server sends. S

Re: JDBCRealm with Simple Servlet Filter

2006-08-10 Thread David Smith
I believe in BASIC auth, the client already has the auth failed page during authentication. Once authentication fails, that page is displayed. Short of the images and other resources the error page needs, there is not another request to the server hence no filter call. --David Dhiraj Ramakr

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread David Smith
Right. Tomcat stores the original request info in the session before redirecting to the login page. Invalidate the session and the original request url is gone. What you could try (and I haven't tried this) is to find the original request info stored in the old session, pull it out of the old ses

Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-10 Thread Mark Thomas
Tomas Hulek wrote: > Any hints how to fix it? Again, do all access to your app under https. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail:

Re: getRealPath and war file

2006-08-10 Thread Mark Thomas
Romain Quilici wrote: > Hello Dies, > the working directory would be fine, but my images need to be accessible > via a url(which is not the case if they are located inside the temp dir) > In fact when an image is generated, I push the url inside the client > browser, the new url automatically repla

Measuring traffic pr. virtualhost

2006-08-10 Thread Lars Nielsen Lind
Hi. I need to measure the traffic pr. month/year for each virtualhost. How can I do that with Apache/Tomcat? Lars Nielsen Lind

Re: Upgrade problem (useBean)

2006-08-10 Thread Lars Nielsen Lind
David Smith wrote: Lars Nielsen Lind wrote: I also now have tried to move the file kontakt.jsp with: <%@ page language="java" contentType="text/html;charset=ISO-8859-1" pageEncoding="ISO-8859-1" import="java.sql.*, java.io.*, java.util.*, internet.database.*, internet.log.*" %> <% internet