Best SSL Configuration

2008-06-03 Thread Alexander Diedler
Hello, I am a newbie on SSL and in the official SSL Howto on Apache.org there are several repeats of "Create a keystore" so I am not sure in the SSL configuration. It is necessary to use OpenSSL to convert the Certificate from the CA? We bought a QuickSSL Premium Certificate (http://www.trust

Re: Tomcat Custom Connector

2008-06-03 Thread Bill Barker
AFAIK, there isn't a lot of documentation. But there isn't that much to it. You need to implement a ProtocolHandler (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ProtocolHandler.html) This class is responsible for managing the transport (e.g. ServerSocket) and request threa

Re: Single sign on issue with Tomcat and Apache

2008-06-03 Thread David Smith
With BASIC authentication, the credentials are stored in browser memory for the life of the browser process whether that be minutes or days. It won't ask again until it's closed and a new browser process started. The browser requests a resource, the server comes back with either a 403 or 401

Re: Single sign on issue with Tomcat and Apache

2008-06-03 Thread sridharmnj
Following lines are from apache user guide. (http://httpd.apache.org/docs/1.3/howto/auth.html#basicworks) Because the HTTP protocol is stateless, each request will be treated in the same way, even though they are from the same client. That is, every resource which is requested from the server wil

Re: Single sign on issue with Tomcat and Apache

2008-06-03 Thread sridharmnj
I am really sorry if my explanation confused you. aaa.com -> Deployed in Tomcat and using FORM authentication. bbb.com -> 1) Static data files are deployed in apache and Httpd & .htaccess is used for authentication. 2) Dynamic data files are deployed in Tomcat and BASIC aut

Re: Single sign on issue with Tomcat and Apache

2008-06-03 Thread David Smith
sridharmnj wrote: My understanding: When server receives a request for a secured resource first time (depending on url-pattern and security constraint settings in web.xml), first it asks for credentials using dialog box if it's BASIC authentication or login form if it's FORM authentication and perf

Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)

2008-06-03 Thread Mark Thomas
Annony Mouse wrote: Thank you very much for the fast and detailed response. It is very reassuring to understand how the attack would actually work, and even better that it is more limited in scope than I had feared. On 6/3/08, Mark Thomas <[EMAIL PROTECTED]> wrote: 7.) Communications failur

Re: Single sign on issue with Tomcat and Apache

2008-06-03 Thread sridharmnj
My understanding: When server receives a request for a secured resource first time (depending on url-pattern and security constraint settings in web.xml), first it asks for credentials using dialog box if it's BASIC authentication or login form if it's FORM authentication and performs authentication

Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)

2008-06-03 Thread Annony Mouse
Thank you very much for the fast and detailed response. It is very reassuring to understand how the attack would actually work, and even better that it is more limited in scope than I had feared. On 6/3/08, Mark Thomas <[EMAIL PROTECTED]> wrote: > > > 7.) Communications failure can only mean on

Re: Single sign on issue with Tomcat and Apache

2008-06-03 Thread David Smith
I'll first admit that I've never used single sign-on, so most of this is educated conjecture on my part. Hopefully it'll spark some discussion in the right direction. You're right -- jvm version is not going to make a difference with the issue you are seeing. Plus upgrading the jvm may break t

Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)

2008-06-03 Thread Mark Thomas
Annony Mouse wrote: 1.) Is the statement 'A remote user can obtain session information' a statement of fact ( someone has used this exploit to do this very thing), or a hypothetical worst case? I don't recall seeing a specific example of this but it would be prudent to assume that this was poss

RE: Single sign on issue with Tomcat and Apache

2008-06-03 Thread sridharmnj
I hope you did not observe the following lines from my post. > bbb.com is an old project which was developed around 9 yrs ago and I am > not allowed to modify/reengineer the architecture. It is successfully running on those versions in production and client does not want to upgrade versions for

Re: Tomcate 5.5.23 JAVAOPTS

2008-06-03 Thread Mark Thomas
karthikn wrote: Hi Please some body correct me Intra net Application of 1000+ users (simultaneously) Will this config work ? O/s = UNIX 11 PA Risc SDK : J2SDK16 TOMCAT 5.5.23 RAM = 2 GB No idea. You'll need to do some load testing with your application on your hardware to find out. M

Re: Servlet + Corba Error -> Access to the specified resource () has been forbidden.

2008-06-03 Thread Filip Hanik - Dev Lists
its really a corba questions, search in those forums http://java.sun.com/j2se/1.4.2/docs/api/org/omg/CORBA/LocalObject.html Filip Antonio González Artime wrote: Hello everybody: I'm trying to develop a simple application that uses a servlet and calls a Corba function; very similar to this tu

RE: Single sign on issue with Tomcat and Apache

2008-06-03 Thread Propes, Barry L
and you're stuck on Java 1.3.1 and cannot go forward? -Original Message- From: sridharmnj [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2008 4:17 PM To: users@tomcat.apache.org Subject: RE: Single sign on issue with Tomcat and Apache Apache 2.0.50 Tomcat 5.0.27 Java 1.3.1 Propes,

RE: Single sign on issue with Tomcat and Apache

2008-06-03 Thread sridharmnj
Apache 2.0.50 Tomcat 5.0.27 Java 1.3.1 Propes, Barry L wrote: > > what versions are you using? Of each? > > -Original Message- > From: sridharmnj [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 03, 2008 3:52 PM > To: users@tomcat.apache.org > Subject: Single sign on issue with Tomcat a

RE: Single sign on issue with Tomcat and Apache

2008-06-03 Thread Propes, Barry L
what versions are you using? Of each? -Original Message- From: sridharmnj [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2008 3:52 PM To: users@tomcat.apache.org Subject: Single sign on issue with Tomcat and Apache Hi, I am integrating two websites using single sign on. I have two si

Single sign on issue with Tomcat and Apache

2008-06-03 Thread sridharmnj
Hi, I am integrating two websites using single sign on. I have two sites namely aaa.com and bbb.com. When a user navigates from aaa.com, as he is already authenticated in it, he should be allowed to bbb.com without asking the credentials again. This is my requirement. aaa.com is based on Tomcat

Re: How to run own java application within Tomcat

2008-06-03 Thread Martin
Slobodanka- if you want to dynamically create and access TC entities (engines,connectors etc) from outside TC environment you would need to implement TC embedded server http://www.vsj.co.uk/articles/display.asp?id=319 HTH Martin - Original Message - From: "Slobodanka Dimitrijevic" <[E

RE: How to run own java application within Tomcat

2008-06-03 Thread Slobodanka Dimitrijevic
Hi Johnny, Thanks for the answer but I think I didn't explain my problem correctly. I need the following situation: 1. a java application has to run continuously outside tomcat (when tomcat crashes the application must be still running). This application runs in its own virtual machine (VM1).

Questions on session hijack bug in 6.0.14 (CVE-2007-5333)

2008-06-03 Thread Annony Mouse
In the process of documenting potential security vulnerabilities in our product we have found that one of our releases is using a version of Tomcat which is susceptible to CVE-2007-5333, a session hi-jacking attack marked as low severity. Being a released product, we cannot update the Tomcat insta

Re: Tomcat 6 clustering problem

2008-06-03 Thread Gangadhar Prusty
Hi Filip, Yes my logs show those member discovery. The screenshots of logs of two instances are given below: *Log on Instance 1: (started first)* Jun 3, 2008 11:13:52 AM org.apache.tomcat.util.digester.SetPropertiesRule begin WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Settin

Servlet + Corba Error -> Access to the specified resource () has been forbidden.

2008-06-03 Thread Antonio González Artime
Hello everybody: I'm trying to develop a simple application that uses a servlet and calls a Corba function; very similar to this tutorial: http://java.sun.com/developer/technicalArticles/Servlets/corba/ I deploy the application but when I use POST to send a variable to the CORBA function, Tomcat

Context level logging

2008-06-03 Thread Jonathan Mast
OK, I have a webapp which has its own context element. I want all the System.out and System.err stuff from this webapp to go to its own special log file as opposed to catalina.out. My reading of the Tomcat docs (version 5.5) seems to indicate that I can do this by following these steps: 1. set

Re: Tomcat 6 clustering problem

2008-06-03 Thread Gangadhar Prusty
Hi Filip, Yes my logs show those member discovery. The screenshots of logs of two instances are given below: *Log on Instance 1: (started first)* Jun 3, 2008 11:13:52 AM org.apache.tomcat.util.digester.SetPropertiesRule begin WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Settin

Re: versus <% include %>

2008-06-03 Thread Hassan Schroeder
On Tue, Jun 3, 2008 at 9:52 AM, Jonathan Mast <[EMAIL PROTECTED]> wrote: > I'm wondering if the <%@ include file="somefile.jsp" %> method of including > a file is more error prone (on Tomcat) than flush="true"/> approach? > > Any ideas would helpful, especially an explanation of what is being done

Re: versus <% include %>

2008-06-03 Thread Rogelio R. Vizcaino L.
One is static (translation time) the other dynamic (runtime). http://tinman.cs.gsu.edu/~raj/oracle10/web.1013/b14430/workjsp.htm On Jun 3, 2008, at 12:21 PM, Jonathan Mast wrote: I don't think they are exactly the same. I had something that was not working with but did for <%@ include %>. I

Re: versus <% include %>

2008-06-03 Thread Jonathan Mast
I don't think they are exactly the same. I had something that was not working with but did for <%@ include %>. I understand this the new, XML-compliant way to do things, but there must be subtle differences in how things are being done between these 2 approaches. On Tue, Jun 3, 2008 at 1:07 PM

Re: versus <% include %>

2008-06-03 Thread Andrei Tchijov
they are identical. you will want to use if you care to have your JSP pages in form of valid XML. On Jun 3, 2008, at 12:52 , Jonathan Mast wrote: I'm wondering if the <%@ include file="somefile.jsp" %> method of including a file is more error prone (on Tomcat) than page="somefile.jsp" flus

versus <% include %>

2008-06-03 Thread Jonathan Mast
I'm wondering if the <%@ include file="somefile.jsp" %> method of including a file is more error prone (on Tomcat) than approach? Any ideas would be helpful, especially an explanation of what is being done under the hood when these 2 mechanisms are being invoked. Tomcat 5.5 Java 1.4.2 Thanks

JAAS modules being ignored by Tomcat

2008-06-03 Thread Emsley, I (Iain)
Hello, I've just deployed a JAAS module onto Tomcat 5.5.23 into the server/lib file to read a cookie and authenticate via that method for the url: localhost:8080/ucal. However one of the applications that I'm trying to log into currently has form-based authentication set in its web.xml: FOR

Re: Requests being processed at a certain moment

2008-06-03 Thread David Fisher
Alvaro, You certainly can easily use a Filter with your JSPs. Take a look at the jsp-examples webapps included with tomcat. If you look at WEB-INF/web.xml and the structure of WEB-INF/classes/ you should see how to use the example that Jim provided. For example RequestDumper: In web.xml

Re: Requests being processed at a certain moment

2008-06-03 Thread Hassan Schroeder
On Tue, Jun 3, 2008 at 8:15 AM, Álvaro Morillas (Sortes Ing. Inf. S. L. ) <[EMAIL PROTECTED]> wrote: > Although I don't use servlets, only jsp's, it's a solution I've thought, > using a log taglib. The problem is that I must insert the code in every jsp > and it's painful XD > > I was looking for

Re: mod_jk 1.2.26 jk_mount

2008-06-03 Thread Niki Diulgerov
My fault... I have JkMount in my httpd.conf and JkMount in my ssl.conf which is responsible for the SSL connections... and I added JkMount /app/resources/* ajp13 only in httpd.conf and not in ssl.conf And was stupid enough to not try http connection (would see that it works) but was only trying

RE: Requests being processed at a certain moment

2008-06-03 Thread Sortes Ing. Inf. S.L.
Although I don't use servlets, only jsp's, it's a solution I've thought, using a log taglib. The problem is that I must insert the code in every jsp and it's painful XD I was looking for an easier solution if it's available. Thanks anyway :) Álvaro Morillas Correa VicioJuegos.com - Sortes Ing

RE: installing Tomcat Container

2008-06-03 Thread Stephen Wick
Yeah, replace with whatever version you wish. -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Monday, June 02, 2008 5:03 PM To: Tomcat Users List Subject: RE: installing Tomcat Container > From: Stephen Wick [mailto:[EMAIL PROTECTED] > Subject: RE: installi

client authentication issues

2008-06-03 Thread Pavlos Drandakis
Hi all, I have configured a stand alone tomcat server with apr support that hosts a web application. I wanted to enable client authentication so I put in server.xml the following: Everything seems ok, but there are some issues ... 1) When CRL expires, Tomcat rejects every client certificate as

Re: mod_jk 1.2.26 jk_mount

2008-06-03 Thread Niki Diulgerov
web.xml is the default coming from tomcat 5.5.26 the strange thing is in mod_jk log file in the beginning it says [Tue Jun 03 17:32:40.640 2008] [22746:2934367456] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/app/*.jsp=ajp13' source 'JkMount' was added [Tue Jun 03 1

Re: mod_jk 1.2.26 jk_mount

2008-06-03 Thread Rainer Jung
Niki Diulgerov wrote: It's not because of missing or insufficient rights. The connector just don't want to accept the rule JkMount /app/resources/* ajp13 and to redirect the request to tomcat and gives the error [Tue Jun 03 17:04:23.021 2008] [22353:2934367456] [debug] jk_map_to_storage::mod_

Re: Requests being processed at a certain moment

2008-06-03 Thread Jim Cox
I use a filter servlet to log entry/exit timestamps for requests along with some shell scripting to process the logs looking for "still open" requests. I've been using it for over a year for a production site, it's been very useful for debugging unexplained slowdowns, hangs, etc. Filter is pretty

Re: Re: mod_jk 1.2.26 jk_mount

2008-06-03 Thread Brian Martin
Can you attach your web.xml file... I'm new to this too but I think you need to have appropriate url filters setup -- I might be using the wrong terminology here.,.,. On Tue, Jun 03, 2008 at 05:22:06PM +0300, Niki Diulgerov wrote: > It's not because of missing or insufficient rights. > The connec

Re: mod_jk 1.2.26 jk_mount

2008-06-03 Thread Niki Diulgerov
It's not because of missing or insufficient rights. The connector just don't want to accept the rule JkMount /app/resources/* ajp13 and to redirect the request to tomcat and gives the error [Tue Jun 03 17:04:23.021 2008] [22353:2934367456] [debug] jk_map_to_storage::mod_jk.c (3211): no match f

Requests being processed at a certain moment

2008-06-03 Thread Sortes Ing. Inf. S.L.
Hi everyone. This is my first post in this group. I hope this question hasn’t been answered before. I have a problem with my web application. It is growing and in certain peak moments the server gets very busy. I work with Tomcat 5.5 and IIS. I think the problem is within my programming (not co

Re: mod_jk 1.2.26 jk_mount

2008-06-03 Thread Landon Fabbricino
Could it be as simple as not having rights (permissions) to see the /app/resources directory or the showPDFLetter file ? Landon Fabbricino IT Applications Phone: 403.225.7515 Fax: 403.225.7604 [EMAIL PROTECTED] >>> Niki Diulgerov <[EMAIL PROTECTED]> 6/3/2008 8:04:47 AM >>> Hello there, I compil

mod_jk 1.2.26 jk_mount

2008-06-03 Thread Niki Diulgerov
Hello there, I compiled the mod_jk 1.2.26 from the source for Red hat 5.1x64 The module works as intended except some strange behaviour I have in my httpd.conf JkMount /app/*.jsp ajp13 JkMount /app/*.do ajp13 And this works OK but my application have a URLs like /app/resources/showPDFLetter?form

Re: How to run own java application within Tomcat

2008-06-03 Thread Johnny Kewl
- Original Message - From: "Slobodanka Dimitrijevic" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Tuesday, June 03, 2008 11:34 AM Subject: RE: How to run own java application within Tomcat Hi Johnny, Thanks for your mail. Can you please tell me : 1. where should I stop Java ex

Re: Compatibility Apache - mod_jk - Tomcat

2008-06-03 Thread Rainer Jung
Rainer Jung wrote: JLucas ZB wrote: Hi everybody, which are the best Apache, mod_jk versions to use with Tomcat 5.5.17 ? Like Mark said. At the moment 1.2.27. CORRECTION - CORRECTION - CORRECTION 1.2.26 Sorry, I was ahead of time.

Re: Compatibility Apache - mod_jk - Tomcat

2008-06-03 Thread karthikn
Hi >> Like Mark said. At the moment 1.2.27. The URL "http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win32/" does not mention of 1.2.27 but only 1.2.26 Please Provide URL to find the same MOD_JK 1.2.27 with regards Karthik Rainer Jung wrote: JLucas ZB wrote:

Tomcate 5.5.23 JAVAOPTS

2008-06-03 Thread karthikn
Hi Please some body correct me Intra net Application of 1000+ users (simultaneously) Will this config work ? O/s = UNIX 11 PA Risc SDK : J2SDK16 TOMCAT 5.5.23 RAM = 2 GB The Web application is simple and uses JNI to connect to UNIX LOCAL Application JAVA_OPTS="-server -Xms200m -Xmx2548

Print Page Generation Time

2008-06-03 Thread Kaushal Shriyan
Hi, How can I enable printing the Page Generation time in the access logs I have set the below in server.xml file not sure on how to enable printing the Page Generation time in the access logs. Tomcat and OS details : tomcat-5.0.27-r6,Gentoo OS and sun-jdk-1.5.0.12 Thanks and Regards Kaushal

getAttribute("javax.servlet.request.X509Certificate") returns null

2008-06-03 Thread Luis Pascual Forner
Hello, I'm trying to use CLIENT-CERT authentication with Tomcat. When I get the attribute "javax.servlet.request.X509Certificate" the first time, it returns the certificate. So far, so good. But if I access the same JSP after that, or another JSP that get the same attribute, it returns null. W

Tomcat Custom Connector

2008-06-03 Thread Simon Aquilina
Hi, I am interested in building a custom connector for Tomcat. I have checked the Tomcat source code and found the source code for the ‘http11’ and ‘ajp’ connectors. I thought of trying to understand the code of these two connectors and then try to implement mine based on these. However I am no

RE: How to run own java application within Tomcat

2008-06-03 Thread Slobodanka Dimitrijevic
Hi Johnny, Thanks for your mail. Can you please tell me : 1. where should I stop Java executable inside Tomcat directory structure? 2. which configuration file and what should I configure inside Tomcat if I want to run executable java application during startup of Tomcat? Thanks in advance, Sl

Re: Compatibility Apache - mod_jk - Tomcat

2008-06-03 Thread Rainer Jung
JLucas ZB wrote: Hi everybody, which are the best Apache, mod_jk versions to use with Tomcat 5.5.17 ? Like Mark said. At the moment 1.2.27. Is there any compatibility table for those products ? mod_jk is compatible with httpd 1.3, 2.0 and 2.2. It is also compatible with all backends, that