Hi, I'm using Apache Bench (ab) to send 1,000 requests with a
concurrency of 500 to a simple servlet on Tomcat trunk (revision 992708,
2010-09-03) which uses request.startAsync() and
Executors.newFixedThreadPool(10) to do the work and return a few bytes
of response and asyncContext.complete().
far easier to implement than HTTPS
what can MIM access with just the session-id?
is this comparison DIGEST vs HTTPS documented
Martin
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten
On 04/09/2010 17:27, André Warnier wrote:
> Digest authentication is not very popular, and rather a pain to
> implement yourself.
> The reason why it is not very popular is that it is a bit of a halfway
> solution : it does avoid user passwords to be transmitted in clear over
> the net, but it is n
Brian McBride wrote:
...
Ok - now to figure out how to implement digest authentication ...
Digest authentication is not very popular, and rather a pain to implement
yourself.
The reason why it is not very popular is that it is a bit of a halfway solution : it does
avoid user passwords to be
My application uses a JNDIRealm to provide authentication, which is
working fine. However within my application I now have need to query
the same LDAP server which the JNDIRealm is configured to connect.
Is there a way that I can either create a managed resource for LDAP
connectivity that I can c
Hi Jason,
Thanks for the response.
On 04/09/2010 15:27, Jason Britton wrote:
I would look at a servlet filter to provide this sort of dynamic access
control.
That's what I'm doing. The filter needs to know the user id - and I was
hoping to resuse Tomcat's authentication mechanism for that.
Hi Charles,
Thanks for the quick answer.
On 04/09/2010 15:20, Caldarale, Charles R wrote:
[...]
Declarative security is intentionally static;
Its not the declarative access control I want to use - I'd have liked to
be able to resuse the authentication code ...
t
[...]
This is very plain
2010/9/4 michel :
> - Original Message - From: "Ognjen Blagojevic"
>
> To: "Tomcat Users List"
> Sent: Friday, September 03, 2010 6:42 AM
> Subject: Re: URL Rewrite
>
>
>> On 3.9.2010 12:02, michel wrote:
>>>
>>> I have been using the tuckey urlrewrite with some results, in that if I
>>>
I would look at a servlet filter to provide this sort of dynamic access
control. Map urls of your choosing to pass through this servlet filter, the
servlet filter could look up potentially changing list of access control
rules and route request to login page or whatever page you'd like if user is
> From: Brian McBride [mailto:bwm.topmea...@googlemail.com]
> Subject: interaction between .forward() and
> I want to have no authorization constraint because some resources have
> public access and no authentication is required for access to those
> resources.
Declarative security is intenti
From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
> Subject: ThreadLocal and NIO
> If I understand it correctly. If we change to use NIO for the
> connectors it isn't thread per request any longer
No, the same thread still processes one request all the way through. However,
there is no lo
On 04/09/2010 12:41, Pid wrote:
> On 04/09/2010 11:05, Rainer Jung wrote:
>> On 02.09.2010 18:55, Pid wrote:
>>> On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
> ..lots of info is available by JMX, once the server is up. In Java 6
> you
On 04/09/2010 11:05, Rainer Jung wrote:
> On 02.09.2010 18:55, Pid wrote:
>> On 02/09/2010 17:31, Christopher Schultz wrote:
>>> Pid,
>>>
>>> On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process locally, witho
On 03.09.2010 00:20, Paul Szynol wrote:
Hi, Chris,
Thanks for your response. I do get those requests, but it seems they
always generate standard user agent information, which I then store in
the associated session object. These session objects don't have any user
agent information--that's why I
On 02.09.2010 18:55, Pid wrote:
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process locally, without having to configure the
JMX ports because it injects the ma
Hi,
I want to implement discretionary access control in an app running in
Tomcat - i.e. access controls on URLs served by Tomcat can be changed by
users. I expect to have a 1M resources each with its own ACL. Some
resources have 'public' access. No authentication should be required to
ac
Hi,
Currently we use a filter and log4j's NDC to store details of the request
such as our identifier for the user and their Ip address. We then have a log
pattern which puts these details in the log. This way if we have any errors
we can easily associate them back to the origional request. This w
17 matches
Mail list logo
