-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill,
On 2/4/16 12:52 PM, Bill Kelm wrote:
> Not sure if anyone has seen this before, whenever we go to
> configure the SSL connector and set the connector port to 8443, on
> tomcat startup they are getting rewritten to another random port.
>
> So
George,
Thanks for the lead to the startup script. That was exactly it, in our
configuration our CATALINA_BASE is /usr/share/tomcat7 and that is what was
triggering the random port assignment:
if [ "$CATALINA_HOME" != "/usr/share/tomcat" -a "$RETVAL" -eq "0" ]; then
# Create a tomcat di
On 2/4/2016 10:52 AM, Bill Kelm wrote:
Not sure if anyone has seen this before, whenever we go to configure the
SSL connector and set the connector port to 8443, on tomcat startup they
are getting rewritten to another random port.
So we will have:
and I end up with this in the ser
Not sure if anyone has seen this before, whenever we go to configure the
SSL connector and set the connector port to 8443, on tomcat startup they
are getting rewritten to another random port.
So we will have:
and I end up with this in the server.xml file on startup:
Thanks fo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 9/20/2011 2:01 PM, Christopher Schultz wrote:
> I had to use mod_asis and stick this file ("logout") on my disk:
>
> Status: 401 Unauthorized WWW-Authenticate: Basic realm="My Realm"
Here is my config if anyone is interested:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 9/17/2011 9:31 AM, André Warnier wrote:
> Christopher Schultz wrote: ...
>
> Thanks for all these explanations. And as an aside :
>
>> The only way to terminate a BASIC login is to issue another 401
>> response,
>
> I did not even know th
Thanks Christopher.
Great explanation.
Finally, my problem was solved by upgrading up to Tomcat 7.0.21
On 7.0.16, my application doesn't work fine with SSL & realm ( see
previous emails )
Upgrading to 7.0.21 ( clean install, really ) solved the problem and works fine.
Regards
2011/9/16 Christ
Christopher Schultz wrote:
...
Thanks for all these explanations.
And as an aside :
The only way to
terminate a BASIC login is to issue another 401 response,
I did not even know that this worked. Does it really ?
Until now, I thought that the only way to get rid of a BASIC authentication
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 9/16/2011 1:38 PM, André Warnier wrote:
> I guess that where the OP (and I) get a little confused is in the
> distinction between the state of "having a session" and "being
> logged-in", and maybe the sequence in which these things happen.
Here goes web.xml and servlet.xml
I will note that server.xml contains SingleSignOn because I've got two
applications which share logging
LoginServlet
com.server.servlet.LoginServlet
LoginServlet
/login.do
LogoutServlet
com.server.servlet.Lo
Chris,
Christopher Schultz wrote:
...
Why do you think that HttpSession.invalidate() should act as a log out
mechanism when using CLIENT-CERT authentication?
I guess that where the OP (and I) get a little confused is in the distinction between the
state of "having a session" and "being logged
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chema,
On 9/16/2011 1:25 PM, Chema wrote:
>>
>> Presumably, you are using CLIENT-CERT as your ?
>
> No, [I am using] FORM method
Hmm. HttpSession.invalidate() *is* the proper way to terminate a
"FORM" authentication login.
> session.invalidate();
>
> Presumably, you are using CLIENT-CERT as your ?
Not , FORM method
>
>> When I invalidate() a session ( session.invalidate() ) , Tomcat
>> doesn't know it and thinks that user is still logged in So, that
>> user can get protected pages. Tomcat should return him a login
>> window but doesn't.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chema,
On 9/16/2011 7:37 AM, Chema wrote:
> Ive got a web application running on Tomcat 7, with SSL (https)
> and realm for authentication/authorization
Presumably, you are using CLIENT-CERT as your ?
> When I invalidate() a session ( session.invali
Hello:
Ive got a web application running on Tomcat 7, with SSL (https) and
realm for authentication/authorization
When I invalidate() a session ( session.invalidate() ) , Tomcat
doesn't know it and thinks that user is still logged in
So, that user can get protected pages. Tomcat should return him
15 matches
Mail list logo
