RE: Should Form Authentication Valve restore request body on a PUT?

2011-10-07 Thread Caldarale, Charles R
> From: Nicholas Sushkin [mailto:nsush...@openfinance.com] > Subject: Re: Should Form Authentication Valve restore request body on a PUT? > The correct behaviour IMHO is to always GET the login form and return > it as a response to the unauthenticated request of any kind. Then, once > the form is

Re: Should Form Authentication Valve restore request body on a PUT?

2011-10-07 Thread Nicholas Sushkin
The bug was that if you do an unauthenticated POST, PUT, or DELETE, the Form Authentication valve was trying to do a POST, PUT, or DELETE to the login form. The correct behaviour IMHO is to always GET the login form and return it as a response to the unauthenticated request of any kind. Then, on

Re: Should Form Authentication Valve restore request body on a PUT?

2011-10-07 Thread Nicholas Sushkin
Before being forwarded to login page, the request is saved and only then turned into GET, before dispatching the forward to the login page. After login form is submitted, the original request is restored from the saved state and is replayed. On Friday, October 07, 2011 12:51:48 Caldarale, Charl

RE: Adding Revisions

2011-10-07 Thread Caldarale, Charles R
> From: Brendan P Keenan [mailto:bkee...@csc.com] > Subject: Adding Revisions > I cannot find how to apply 1162959. Hopefully someone > can tell me the steps or point me to documentation Have you read this? http://tomcat.apache.org/tomcat-6.0-doc/building.html - Chuck THIS COMMUNICATION MA

Re: Adding Revisions

2011-10-07 Thread Mark Eggers
- Original Message - > From: Brendan P Keenan > To: users@tomcat.apache.org > Cc: > Sent: Friday, October 7, 2011 9:08 AM > Subject: Adding Revisions > > > I apologise if this has been answered somewhere else but I just haven't > been able to find it... > > Server is running Windows 2

Re: How to get Tomcat HTTP port during startup of the server

2011-10-07 Thread Lahiru Gunathilake
Hi On Fri, Oct 7, 2011 at 2:20 AM, Pid * wrote: > On 6 Oct 2011, at 19:22, Lahiru Gunathilake wrote: > > > Hi Charles, > > > > This is my usecase, I want to register my application URL to a repository > > and there is another remote application who reads that URL somewhere and > > invoke my app

RE: Should Form Authentication Valve restore request body on a PUT?

2011-10-07 Thread Caldarale, Charles R
> From: Nicholas Sushkin [mailto:nsush...@openfinance.com] > Subject: Re: Should Form Authentication Valve restore request body on a PUT? > I set request method to "GET" on all unauthenticated requests that > forward to the login page. I'm confused. If you turn a PUT into a GET, it would seem

Re: Should Form Authentication Valve restore request body on a PUT?

2011-10-07 Thread Nicholas Sushkin
Charles, Thanks for the suggestion. I set request method to "GET" on all unauthenticated requests that forward to the login page. That tested well for all RESTful methods, POST, PUT, GET, and DELETE. Submitted a patch. https://issues.apache.org/bugzilla/show_bug.cgi?id=51940#c2 On Friday, Oct

Adding Revisions

2011-10-07 Thread Brendan P Keenan
I apologise if this has been answered somewhere else but I just haven't been able to find it... Server is running Windows 2003 R2 SP2 Tomcat 6.0.33 I need to mitigate CVE-2011-3190. It appears revision 1162959 fixes it. I cannot find how to apply 1162959. Hopefully someone can tell me the steps

Re: Should Form Authentication Valve restore request body on a PUT?

2011-10-07 Thread Nicholas Sushkin
Yup. The body of the POST got written into my login.html. Took me a while to notice that. Good one! On Friday, October 07, 2011 10:13:00 Christopher Schultz wrote: > If that's what's happening, the DefaultServlet is handling the > request, seeing that it is a PUT, and then complaining that it's >

Re: two questions about the session timeout in tomcat

2011-10-07 Thread Pid
On 07/10/2011 00:20, Bill Wang wrote: > Hi Tomcat Guru, > > Recently one of Tomcat application has performance issue, which get slow > respond with high sessions. You should find out exactly why that is, rather than guessing. > One team member recommend me to adjust the session timeout from 60

Re: JSP page that will not update

2011-10-07 Thread Tim Watts
On Fri, 2011-10-07 at 09:05 -0400, Stephen Caine wrote: > OK, but can you point me to where I might learn how to do this? See JavaDocs for HttpServletResponse; also RFC2616 (HTTP 1.1) http://datatracker.ietf.org/doc/rfc2616/ But really, don't bother with this until you understand what th

Re: two questions about the session timeout in tomcat

2011-10-07 Thread Christopher Schultz
Bill, On 10/6/2011 7:20 PM, Bill Wang wrote: > Recently one of Tomcat application has performance issue, which get > slow respond with high sessions. Can you give us some numbers? At what point do things slow down, and by how much do they slow down?

Re: Random error while xml xsl transformation

2011-10-07 Thread Christopher Schultz
Arvind, On 10/7/2011 3:42 AM, S Arvind wrote: > I'm getting this error randomly in the web application which does > the XML-XSL transformation. Same data when reloaded exception does > not occur. > > --error 1 > > 1. Caused by: java.lang.Arra

Re: Should Form Authentication Valve restore request body on a PUT?

2011-10-07 Thread Christopher Schultz
Nicholas, On 10/6/2011 10:08 PM, Nicholas Sushkin wrote: > I now reconfigured DefaultServlet in conf/web.xml with > readonly=false. Now, an unauthenticated PUT (with or without a > body) returns 204 No Content instead of the login form. Seems like > a

Re: JSESSIONID Stripping

2011-10-07 Thread Paul Wilson
On 7 October 2011 12:10, Konstantin Kolinko wrote: > 2011/10/7 Paul Wilson : > > Hi there, > > > > Simple question. If a client posts: > > > > POST /app/main%3bjsessionid=BF18D19ED62BB5F78E519018E618FB64 HTTP/1.1 > > > > whilst also specifying: > > > > Cookie: $Version="0"; JSESSIONID=BF18D19ED62

Re: JSP page that will not update

2011-10-07 Thread Stephen Caine
Konstantin >> >> I have set meta tags for no cache, no pragma, etc., all to no avail. > > What do you mean? > tags inside HTML document are useless for this. You have to set > HTTP headers. OK, but can you point me to where I might learn how to do this? >> >> What is most interesting is that a

Re: JSESSIONID Stripping

2011-10-07 Thread Konstantin Kolinko
2011/10/7 Paul Wilson : > Hi there, > > Simple question. If a client posts: > > POST /app/main%3bjsessionid=BF18D19ED62BB5F78E519018E618FB64 HTTP/1.1 > > whilst also specifying: > > Cookie: $Version="0"; JSESSIONID=BF18D19ED62BB5F78E519018E618FB64; > $Path=/app/ > > isn't Tomcat supposed to strip t

JSESSIONID Stripping

2011-10-07 Thread Paul Wilson
Hi there, Simple question. If a client posts: POST /app/main%3bjsessionid=BF18D19ED62BB5F78E519018E618FB64 HTTP/1.1 whilst also specifying: Cookie: $Version="0"; JSESSIONID=BF18D19ED62BB5F78E519018E618FB64; $Path=/app/ isn't Tomcat supposed to strip the jsessionid path param too? I'm seeing 'i

Re: Regarding Catalina/Tomcat MBeans attributes/operations description

2011-10-07 Thread akshay hiremath
Hi Konstantin, Thanks for this, hope it will help, I'm using Tomcat version 7.0.20. Regards, Akshay From: Konstantin Kolinko To: Tomcat Users List Sent: Wednesday, October 5, 2011 6:30 PM Subject: Re: Regarding Catalina/Tomcat MBeans attributes/operations de

Random error while xml xsl transformation

2011-10-07 Thread S Arvind
I'm getting this error randomly in the web application which does the XML-XSL transformation. Same data when reloaded exception does not occur. --error 1 1. Caused by: java.lang.ArrayIndexOutOfBoundsException: 7 >= 7 2. at java.util.Vector.elementAt(Vector.java:427) 3. at