://www.domain.com/context/multi-level-subcontext)
Maurice
Caldarale, Charles R wrote:
From: Maurice Yarrow [mailto:maurice.yar...@comcast.net]
Subject: Re: Multi-level context starting at ROOT
My use-case is embedding meshcms inside my primary web app and
in a way that they can both share the same session
functionally the same as multilevelcontext.xml. What use case do
you have for such a thing?
--David
Maurice Yarrow wrote:
Hello Tomcat Users Grp and in particular, Pid and Konstantin Kolinko:
Thanks for your replies.
However, I evidently did not clearly state the problem I am having:
I can define the follo
the (apparently) unsolved threads in
the Spring users group, and appears to an issue only with the advent
of the "#" hash sign instead of the "_" underscore sign formerly used
in earlier Tomcats (I am using 6.0.18).
Maurice Yarrow
Pid wrote:
On 04/11/2009 11:13, Maurice Yarrow
/multi-level-sub-context/servletname
as well as the above
http://www.domain.com/servletname
So: question is:
Can this be done ?
How is it configured ?
What are the respective context xml files named ?
Thanks
Maurice Yarrow
Eric Chow wrote:
Hello,
How can run Tomcat5.5 in Java6 ?
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---
Rainer (and also, Martin)
Thanks, gentlemen.
Maurice
Rainer Jung wrote:
... for the quotes simply use the predefined xml entity:
"
Maurice Yarrow schrieb:
Hello, again, Tomcat community:
I found the answer to my own question below:
Use:
pattern="%{X-Forwarded-for}i %
zantine combination of single quote, double quote,
backslashes is required for this to be acceptable to the
serverl.xml XML readin ? (I tried a whole bunch of different
combinations but all error'ed out on startup.)
Maurice
Maurice Yarrow wrote:
Hello Tomcat community
I have tomcat (
simpler way ? Am I unaware of a direct way to do this ?
Maurice Yarrow
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
n for helping me consider the options for
dealing with this kind of behavior.
Maurice Yarrow
Caldarale, Charles R wrote:
From: Maurice Yarrow [mailto:[EMAIL PROTECTED]
Subject: Re: Tomcat Security
BUT: the finest granularity for what can be accessed in this
mechanism is by servlet, not by the path
me to this possibility. It was enlightening.
Maurice Yarrow
Christopher Schultz wrote:
Maurice,
Maurice Yarrow wrote:
So what I would like to know how to do is how to programmatically
bypass web.xml-based authorization and impose this authorization
on a access-case-by-case but take advanta
Chuck, Chris
(Pretty much) here are the rules:
The owner of a gallery can set its permission to public or passwd or
private. If passwd, the owner specifies (i.e., sets) a gallery-specific
password. The owner can change this anytime they like.
Additionally, owners must (of course) authenticate
Chris, Chuck
Yes, Chris: the below is the case exactly:
(Actually, galleries - and consequently their included
images and documents are authenticated, not specific images.)
So what I would like to know how to do is how to programmatically
bypass web.xml-based authorization and impose this author
Chris
Yes, the way my image server system (if I can call it such) works is
pretty much exactly what you are suggesting.
This issue, for me at least, is in the past-tense - i.e., already
working code.
And yes, as I say above, the model I devised is pretty much what you
suggested.
Maurice
family only. This pw specific to these views)
private: (only you, the owner, have access - so only your
login permits you to see these views)
Presumably, most views are public, but this has to be the owner's
decision, no ?
Maurice Y
n for Maurice: why are you trying to protect your images?
Do you want to stop people from ripping them off from your site?
It's not my call, but the customer's.
Maurice
Christopher Schultz wrote:
Chuck,
Caldarale, Charles R wrote:
From: Maurice Yarrow [mailto:[EMAIL PROTECTED]
Subj
hing. I.e., the visible URL
does not actually point to the file.
Any thoughts ?
Maurice Yarrow
Caldarale, Charles R wrote:
From: PraDz [mailto:[EMAIL PROTECTED]
Subject: Tomcat Security
How do i restrict users from entering the image/text files
path directly in the browser.
Instead
found zero (0) security issues. Of
course, I had previously secured the apache and tomcat servers separately
up to but not including running in a chroot'd jail.)
Conclusion: I certainly hope others have less complicated requirements.
Maurice Yarrow
--
thing in between two other things can only make a
process slower, but "apparency" is important on the web.)
So the question really is:
Is apache fronting tomcat via mod_jk apparently fast ?
(to your taste and needs, of course).
Maurice Yarrow
Christopher Schultz wrote:
Barak,
Hello, again, Hassan
I'd like to ask a couple of questions about your
| tomcat
httpd <--> mod_proxy_ajp <===> | tomcat
| tomcat
setup. And the reason that I'm intere
tps page
transition)
Maurice Yarrow
The loss of session is due to a combination of things, namely the fact that
I'm using mod_rewrite in order to add to and remove elements from the url
and the way that Tomcat binds sessions to a given context. I wanted to
filter out the app path infor
pound.
Unbelieveable, the lengths I will go to get what I want...
Maurice
Hassan Schroeder wrote:
On 9/25/06, Maurice Yarrow <[EMAIL PROTECTED]> wrote:
And, fronting with Apache 2.0, and using mod_proxy, I just had one heck
of a time getting this to work right. I used httpd
O
tions, and across http->https page
transition)
Maurice Yarrow
Hassan Schroeder wrote:
On 9/25/06, Darren Hall <[EMAIL PROTECTED]> wrote:
... The client does not want to see urls with an identifier on
the end
of them (i.e. www.abcdomain.com/abc), yet I need the identifier to
c
ld have been written
"I can't, of course, tell you why you are not seeing persistent
session id's. However, I believe
the above shows that PERSISTENCE is normal for my webapp."
(Case of ye olde dangling participle, or something like that...)
Maurice
Maurice Yarrow wro
- an artifact of
the security specification in J2EE).
Maurice Yarrow
Bob Hall wrote:
--- Darren Hall <[EMAIL PROTECTED]> wrote:
Peter,
You are correct. When hitting Tomcat directly, the
session remains intact.
When using mod_proxy to forward requests to Apache
the session is lost.
Is th
tions under which this occurred.)
Maurice Yarrow
Propes, Barry L wrote:
what about getRemoteHost()?
-Original Message-
From: Maurice Yarrow [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 5:30 PM
To: Tomcat Users List
Subject: Re: Session hijacking with Tomcat/Myfaces - unable t
http/https.
Maurice Yarrow
Long wrote:
I can also imagine this company gives employees the go-a-head and
hijack each others session. It would also reward the idiot(s) that can
do it best with double pay...
Your imaginary company example doesn't really happen within a real
company, does i
ambiguity to use this approach, even as addt'l metric.
One could however assume validity of positives but ignore false
negatives, i.e., if IP in conflict with orig, assume man-in-middle
attack, but if IP agrees, must rely on other metrics to determine
possible jeopardy.
Maurice Yarrow
David
plying all their cpu resources to a common set of
targets. Now that their attack tools have had connection-
refused after 5 attempts, their tool has struck my address
off their list as being non-fruitful. Just a conjecture, anyway.
Maurice Yarrow
Christopher Schultz wrote:
Simon,
Has anyon
a decent product and provides
a good interface between the Java obj's and the beans.
You simply write your beans and your sql, run a tool of
theirs on this, and it creates a bean jar and configuration
file with the sql embedded in it.
Maurice Yarrow
Raju Balugu wrote:
As for my knowledge ,T
)
the specialized connectors such as mod_jk are about
1.5 times the speed of mod_proxy. This speed differential may
be a consequential performance factor for some, but for our needs,
the simplicity of mod_proxy usage is a major factor.
Maurice Yarrow
Greg Gamble wrote:
On Fri, Jul 21, 2006 at 05:48
Sorry, Tomcat users - just a correction to technical wording:
In previous,
meant:
"asymmetric " configuration of total bi-directional bandwidth
Maurice
Maurice Yarrow wrote:
Hello Tomcat users
I am using TC 5.0.28 on a machine with an AMD Athlon 3000+
(not particularly strong,
ter all.
(I guess as Point-to-point becomes more popular, this will change.)
I don't know if any of this helps, but I thought I would mention all this
to see if it gives any perspective on the situation.
Maurice Yarrow
Leon Rosenberg wrote:
So you effectively measure the ability of tomcat
.
Is 5.5.15 still available somewhere ?
Maurice Yarrow
Corey Kaiser wrote:
I suppose I meant SE Linux in my last question.
Sorry for the confusion.
-corey
-Original Message-
From: Corey Kaiser [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 19, 2006 10:27 AM
To: 'users@tomcat.
tcstart.sh
In addition, there is information included also about "chroot jail",
as the author says "for the truly paranoid".
Maurice Yarrow
Oded Arbel wrote:
The most important reason that I use an Apache frontend for tomcat,
which is probably not relevant to the origin
Note also: RFC1867 (html form upload) has detailed specs for
multipart upload
Maurice Yarrow
Franklin Phan wrote:
I have an old servlet that I need to recompile but cannot because it
references MultipartRequest class. The servlet imports the following
packages:
import java.io.*;
impor
to..."
Anyhow, I should probably try this again, just to be sure.
(For your info: FedoraCore1/tomcat 5.0.28/j2sdk 1.4.2_05)
Thanks
Maurice
Hassan Schroeder wrote:
Maurice Yarrow wrote:
I was able to successfully use a filter to map to another servlet
in my web app. However, I wa
ervlet.
Neither worked.
ImageRequestFilter
getimg.servlets.ImageRequestFilter
ImageRequestFilter
/ImageRequest/*
ImageRequestFilter
default
Is there some way to do this (without using a
RequestDispatcher.forward(...) ) ?
ite all this just to begin to give you a feeling
for how complex this issue of caching of images really seems
to be. Evidently, many factors.
Thanks again for the tips that you sent. I will try everything.
Maurice Yarrow
David Rees wrote:
On 10/27/05, Maurice Yarrow <[EMAIL PROTECTED]&
Hello Dave
(For Internet Explorer:)
Do you happen to know which are the "right headers" to set,
especially for images ?? If not, maybe you could point me
to a good source of info for caching rules for IE.
Maurice
David Rees wrote:
On 10/27/05, Leon Rosenberg <[EMAIL PROTECTED]> wrote:
I've
Leon
Thanks for mentioning these items.
By the way, I liked taking in the 360 views.
Maurice
Leon Rosenberg wrote:
Maybe I'm missing the point completely, but why not MD5 encode the
path to your image along with a timestamp, how long this link should
be valid?
I' used this several times, dec
nse will change that.
Otherwise, a simple servlet should be able to do what you are asking
without a problem and without all the forwarding/redirecting/request
wrapping complexity.
--David
Maurice Yarrow wrote:
Hello Charles
Caldarale, Charles R wrote:
> "Why wasn't Tomcat&
index.html in all directories in the image
tree, or anyone can look at the image tree. Tomcat, however, is
real good about not letting anyone see above the /usr/myPhotos/Thumbs
level.
Maurice Yarrow
John Laughton wrote:
The problem with the servlet is sandboxing
If you try to refer (href) t
the http://tuckey.org/urlrewrite/ module, and I am
looking into that.
Anyhow, I'll keep trying different ideas until something
works. I'm nearly masochistically persistant...
But any suggestions would be greatly appreciated!
Maurice Yarrow
Caldarale, Charles R wrote:
From: John Laug
require that the target remain anonymous.
Thanks again
Maurice
Hassan Schroeder wrote:
Maurice Yarrow wrote:
I'm also interested in this issue of http(s) switching.
Could you possibly put up an example of this filter?
Sure:
<http://webtuitive.com/samples/java/HttpRedirectorFil
Hello Hassan
I'm also interested in this issue of http(s) switching.
Could you possibly put up an example of this filter?
Maurice Yarrow
Hassan Schroeder wrote:
Rob wrote:
to run https for some pages in my webapp, and http for other pages, using
the same session. It's working w
n on the incoming request. They can run on include()
and forward() to but you need to see configure that in web.xml.
If you are renaming the servlet path - you can't call chain.doFilter()
and get the results you expect. YOu need to get a new RequestDistpatcher
for the location your rewriting
ask.)
Maurice Yarrow
Tim Funk wrote:
I think this should work in your own web.xml:
MyFilter
default
-Tim
Maurice Yarrow wrote:
Tim
So, my question is: can I request that a filter be applied to all
static page requests that are going to DefaultServlet? Or is this
do
Dispatcher(request, response);
rd.forward(request, response);
} else {
filterChain.doFilter(request, response);
}
}
-Tim
Maurice Yarrow wrote:
Hello tomcat users
I have hesitated a while before sending up this question,
for the presumably obvious reason that hacking the tomcat
DefaultSe
ore tomcat capability for security
reasons, I would rather resolve this in my web app.
So, actually, my simple question, really, is:
Does anyone who has done this kind of thing have any experiences
that they would care to share?
Maur
49 matches
Mail list logo
