Re: Tomcat Security and Struts

2009-04-22 Thread Christopher Schultz
Hassan, On 4/22/2009 2:45 PM, Hassan Schroeder wrote: > On Wed, Apr 22, 2009 at 11:43 AM, Mighty Tornado > wrote: >> How can I make the request to port 8443 actually succeed? > > Configure an https Connector. And correctly set your "redirectPort" i

Re: Tomcat Security and Struts

2009-04-22 Thread Christopher Schultz
André, On 4/22/2009 12:37 PM, André Warnier wrote: > Caldarale, Charles R wrote: >>> From: Mikolaj Rydzewski [mailto:m...@ceti.pl] >>> Subject: Re: Tomcat Security and Struts >>> >>> Mark Thomas wrote: >&

Re: Tomcat Security and Struts

2009-04-22 Thread André Warnier
Mighty Tornado wrote: I think the following might be a problem. When I access the application I get this error in the browser: Firefox can't establish a connection to the server at localhost:8443 But did you not ask for this? CONFIDENTIAL --

Re: Tomcat Security and Struts

2009-04-22 Thread Hassan Schroeder
On Wed, Apr 22, 2009 at 11:43 AM, Mighty Tornado wrote: > How can I make the request to port 8443 actually succeed? Configure an https Connector. -- Hassan Schroeder hassan.schroe...@gmail.com

RE: Tomcat Security and Struts

2009-04-22 Thread Caldarale, Charles R
> From: Mighty Tornado [mailto:mighty.torn...@gmail.com] > Subject: Re: Tomcat Security and Struts > > Firefox can't establish a connection to the > server at localhost:8443 You need to define a secure for port 8443. > But Tomcat is supposed to listen on port 8080 You

Re: Tomcat Security and Struts

2009-04-22 Thread Mighty Tornado
How can I make the request to port 8443 actually succeed? On Wed, Apr 22, 2009 at 2:40 PM, Hassan Schroeder < hassan.schroe...@gmail.com> wrote: > On Wed, Apr 22, 2009 at 11:16 AM, Mighty Tornado > wrote: > > I think the following might be a problem. When I access the application I > > get this

Re: Tomcat Security and Struts

2009-04-22 Thread Hassan Schroeder
On Wed, Apr 22, 2009 at 11:16 AM, Mighty Tornado wrote: > I think the following might be a problem. When I access the application I > get this error in the browser: Firefox can't establish a connection to the > server at localhost:8443 > > But Tomcat is supposed to listen on port 8080 - and it has

Re: Tomcat Security and Struts

2009-04-22 Thread Mighty Tornado
y way around this? On Wed, Apr 22, 2009 at 1:05 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: André Warnier [mailto:a...@ice-sa.com] > > Subject: Re: Tomcat Security and Struts > > > > Maybe this : if the login page itself contains a link to

RE: Tomcat Security and Struts

2009-04-22 Thread Caldarale, Charles R
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: Tomcat Security and Struts > > Maybe this : if the login page itself contains a link to a gif located > in the same area, trying to load that gif will also hit the > authentication bit, and trigger another login page

Re: Tomcat Security and Struts

2009-04-22 Thread André Warnier
Caldarale, Charles R wrote: From: Mikolaj Rydzewski [mailto:m...@ceti.pl] Subject: Re: Tomcat Security and Struts Mark Thomas wrote: /* will protect everything. If your login page uses any external assets (images, stylesheets, etc), it will become corrupted (assets won't load). Ca

RE: Tomcat Security and Struts

2009-04-22 Thread Caldarale, Charles R
> From: Mikolaj Rydzewski [mailto:m...@ceti.pl] > Subject: Re: Tomcat Security and Struts > > Mark Thomas wrote: > > /* will protect everything. > > > If your login page uses any external assets (images, stylesheets, > etc), it will become corrupted (assets won&

Re: Tomcat Security and Struts

2009-04-22 Thread Christopher Schultz
Mikolaj, On 4/22/2009 9:58 AM, Mikolaj Rydzewski wrote: > Mighty Tornado wrote: > I'm not sure if login page will work if it is located under WEB-INF > directory. Of course it will. There's nothing special about the WEB-INF directory that would preve

Re: Tomcat Security and Struts

2009-04-22 Thread Mikolaj Rydzewski
Mark Thomas wrote: /* will protect everything. If your login page uses any external assets (images, stylesheets, etc), it will become corrupted (assets won't load). -- Mikolaj Rydzewski

Re: Tomcat Security and Struts

2009-04-22 Thread Mighty Tornado
> > From: Mighty Tornado [mailto:mighty.torn...@gmail.com] > > Subject: Tomcat Security and Struts > > > > I am trying to make sure my app requires a login. So I configured the > > following in my deployment descriptor: > > > > > > > >

RE: Tomcat Security and Struts

2009-04-22 Thread Caldarale, Charles R
> From: Mighty Tornado [mailto:mighty.torn...@gmail.com] > Subject: Tomcat Security and Struts > > I am trying to make sure my app requires a login. So I configured the > following in my deployment descriptor: > > > >admin >*.do >

Re: Tomcat Security and Struts

2009-04-22 Thread Mark Thomas
Mighty Tornado wrote: > Tomcat 6 Struts 1.3 > OS: MacOS X - Leopard > > Hi, > > I am trying to make sure my app requires a login. So I configured the >*.do /* will protect everything. >POST This only protects the POST method. GETs will not be restricted. I'd remove this line. Mark

Re: Tomcat Security and Struts

2009-04-22 Thread Mikolaj Rydzewski
Mighty Tornado wrote: POST Why do you want to restrict access only to requests with POST method? I usually do not use http-method element. /WEB-INF/JSP/login.jsp I'm not sure if login page will work if it is located under WEB-INF directory. -- Mikolaj Rydzewski

Tomcat Security and Struts

2009-04-22 Thread Mighty Tornado
Tomcat 6 Struts 1.3 OS: MacOS X - Leopard Hi, I am trying to make sure my app requires a login. So I configured the following in my deployment descriptor: admin *.do POST member CONFIDENTIAL FORM /WEB-INF/JSP/login.jsp