Re: Form-based Container Security with SSL

2009-05-11 Thread Guojun Zhu
Dear Chris, Thank you very much. What we really want is that the login username/password communicates encrypted. Everything else can be in clear-text. (We also need the log-out, so I cannot use the digest authentification.) > Showing a non-secure login page isn't a problem, is it? You just n

Re: Form-based Container Security with SSL

2009-05-08 Thread Guojun Zhu
> Hash: SHA1 > > Guojun, > > On 5/8/2009 12:22 AM, Guojun Zhu wrote: >> Thank you very much.  I can get the link redirect.  But the tomcat's >> container security seems to happen before it. > > The container's security mechanism will always execute before

Re: Form-based Container Security with SSL

2009-05-07 Thread Guojun Zhu
pages/login.jsp /pages/error.jsp Sincerely yours Zhu, Guojun On Wed, May 6, 2009 at 8:54 PM, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Guojun, > > On 5/6/2009 3:05 PM, Guojun Zhu wrote

Form-based Container Security with SSL

2009-05-06 Thread Guojun Zhu
Hi, We had a small web application on tomcat 5.5. We use tomcat realm (MD5 digest) with the form-based login. I have a few questions on this. 1. When we use http, does the form-based login page send the username and password plainly or in the digested form? 2. We set up the ssl in 8443 port

Re: Path (file)InputStream for an independent module in tomcat?

2008-10-28 Thread Guojun Zhu
ndence > from the servlet container. Just need to have whatever create's an > instance of your DAO call servletContext.getResourceAsStream() and pass > the resulting input stream to your DAO instance. That might be easily > doable in a ServletContextListener. > > --David >

Path (file)InputStream for an independent module in tomcat?

2008-10-28 Thread Guojun Zhu
Hi, I am using tomat 5.5 in linux/windows mixed environment. The deploy target is both. I had a DAO module for which I would like to put some configuration into a separate file for easy access and modifying. However, I have some difficulty to figure out how to put the path in the FileInputStream

Re: Isn't there a PDF style document for v6?

2008-09-12 Thread Guojun Zhu
Here is the official link. http://tomcat.apache.org/tomcat-6.0-doc/index.html. But if you know nothing about tomcat before, a book might be a better place to start. Such as this one http://www.amazon.com/Tomcat-Definitive-Guide-Jason-Brittain/

Re: What can accept?

2008-08-19 Thread Guojun Zhu
6.0. It is probably not the specification complied solution. But good enough for me now. On Sun, Aug 17, 2008 at 6:27 PM, Bill Barker <[EMAIL PROTECTED]> wrote: > > "André Warnier" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL

Re: How to change Default URL to point to my application index.html page

2008-08-17 Thread Guojun Zhu
Hi Guojun, > > I have 2 files under path > /apache-tomcat-5.5.25/conf/Catalina/localhost > host-manager.xml > manager.xml > > i don't have ROOT.xml. > > > > > --- On Mon, 8/18/08, Guojun Zhu <[EMAIL PROTECTED]> wrote: > > > From: Guojun Zhu

Re: How to change Default URL to point to my application index.html page

2008-08-17 Thread Guojun Zhu
you can change the $Catalina.home/conf/Catalina/(your host)/ROOT.xml file to direct to your webapp path instead of the ROOT. On Sun, Aug 17, 2008 at 1:36 PM, flytoarun <[EMAIL PROTECTED]> wrote: > Hi All, > > I am using tomcat 5 version and my application's default page is > www.domain.com\myDir\

What can accept?

2008-08-17 Thread Guojun Zhu
Hi, I am usging tomcat 5.5.26 and trying to set up some container security with it. I am using struts 1.2.9 for my project. Basically I have three-type links 1. open to everyone, like the welcome pages. 2. restricted to one type of user role, say A 3. admin part, more restrictive, so for r

Re: where to place context configuration

2008-08-14 Thread Guojun Zhu
I am not sure about the second case. But I don't have context.xml in the war (META-INF/ directory) and the application works fine for me. On Thu, Aug 14, 2008 at 1:30 PM, Angus Mezick <[EMAIL PROTECTED] > wrote: > Am I the only one that is REALLY disturbed about that idea of REQUIRING > two ide

Re: Find out Who-I-Am for Realm User

2008-07-30 Thread Guojun Zhu
it above > SecurityFilter in the stack and intercepting the redirect made by the > security filter by subclassing HttpServletResponseWrapper. > > > On Wed, Jul 30, 2008 at 3:58 PM, Guojun Zhu <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > I am using re

Find out Who-I-Am for Realm User

2008-07-30 Thread Guojun Zhu
Hi, I am using realm for the authorization of my web application. I would like to include a administration section for things like modifying the user profile or password. I have several different user names associated with two different roles. Both roles give the pass to the web pages. I am w

Re: Configure authentication across an entire host...

2008-07-23 Thread Guojun Zhu
This might be what you want. "Single Sign on", http://tomcat.apache.org/tomcat-5.5-doc/config/host.html. It can let the different webapp share the same realm authentication. Guojun On Tue, Jul 22, 2008 at 11:00 PM, Nathan Wilhelmi <[EMAIL PROTECTED]> wrote: > Hello - Is there any way to setup

How to Set up Role in Tomcat

2008-07-15 Thread Guojun Zhu
Hi, We are using Tomcat 5.5 in a linux box. And I am trying to set up the Realm security for our webapp. I only want a password and username challenge for this webapp only. So I guess I need to set up a role corresponding to it directly. I look around and did not find much information about h