Re: Tomcat CORS Filter: Why is the default list of headers in "Access-Control-Allow-Headers" so arbitrarily limited?

-Type > Access-Control-Request-Method Access-Control-Request-Headers > > > > I know that I can replace that list by using the filter parameter > "cors.allowed.headers" and specify my own list of headers. I know > that. But I have the following questions: > &

Tomcat CORS Filter: Why is the default list of headers in "Access-Control-Allow-Headers" so arbitrarily limited?

Hi, Tomcat brings a special filter that implements the CORS specification. In this filter, the default list of allowed headers is the following: Origin Accept X-Requested-With Content-Type Access-Control-Request-Method Access-Control-Request-Headers I know that I can replace that

Re: Tomcat Access Control Exception

er.checkPermission(SecurityManager.java:549) > at java.lang.Thread.setContextClassLoader(Thread.java:1368) > at > org.apache.catalina.core.StandardHostValve.event(StandardHostValve.java:174) > at org.apache.catalina.valves.ValveBase.event(ValveBase.java:200) &g

Tomcat Access Control Exception

Server.stop(StandardServer.java:744) at org.apache.catalina.startup.Catalina.stop(Catalina.java:633) at org.apache.catalina.startup.Catalina$CatalinaShutdownHook.run(Catalina.java:676) Thanks in advance. -- View this message in context: http://www.nabble.com/Tomcat-Access-Control

Re: ACL (access control list) tutorial or example

er will have to access a given object? > > I've got the authentication part going with no trouble, but am having > trouble with the access control side of things. > > TIA! > Dave > > > > - > T

Re: [OT] Re: ACL (access control list) tutorial or example

. The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis. In addition to the response I just posted, this app only has about 5 different url's (.jsp's), only

[OT] Re: ACL (access control list) tutorial or example

Sounds like the long route to a solution. The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis. In addition to the response I just posted, this app only has abou

Re: ACL (access control list) tutorial or example

Sounds like the long route to a solution. The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis. All of this can be done without having to use 'java.sec

Re: ACL (access control list) tutorial or example

route to a solution. The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis. In addition to the response I just posted, this app only has about 5 different url

Re: ACL (access control list) tutorial or example

route to a solution. The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis. All of this can be done without having to use 'java.security.acl', but with the

Re: ACL (access control list) tutorial or example

solution. The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis. All of this can be done without having to use 'java.security.acl', but with the facilities provi

Re: ACL (access control list) tutorial or example

... There isn't a standard way of doing programmatical security of this nature - the nature of it is such that you have to write it yourself. That is essentially what I'm trying to do, using various built-in tools , such as java.security.acl.*, sun.security.acl.AclImpl, sun.security.acl.Acl

Re: ACL (access control list) tutorial or example

d/write, administration vs general user, etc) that a given user will have to access a given object? I've got the authentication part going with no trouble, but am having trouble with the access control side of things. TIA! Dave ---

Re: ACL (access control list) tutorial or example

or email and destroy the original message without making a copy. Thank you. - Original Message - From: "David Kerber" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Tuesday, May 08, 2007 10:25 AM Subject: ACL (access control list) tutorial or example I posted thi

Re: ACL (access control list) tutorial or example

--- Original Message - From: "David Kerber" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Tuesday, May 08, 2007 10:25 AM Subject: ACL (access control list) tutorial or example I posted this on comp.lang.java.security yesterday, but haven't gotten a single answ

Re: ACL (access control list) tutorial or example

l Message - From: "David Kerber" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Tuesday, May 08, 2007 10:25 AM Subject: ACL (access control list) tutorial or example I posted this on comp.lang.java.security yesterday, but haven't gotten a single answer, so I&#

Re: ACL (access control list) tutorial or example

. - Original Message - From: "David Kerber" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Tuesday, May 08, 2007 10:25 AM Subject: ACL (access control list) tutorial or example I posted this on comp.lang.java.security yesterday, but haven't gotten a s

ACL (access control list) tutorial or example

g with no trouble, but am having trouble with the access control side of things. TIA! Dave - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: Using 2 Realms for authentication and access control

for the user password authentication but still use my JDBCRealm >> for access control through roles. I was hoping you could point me in the >> right direction. I am running on Solaris 9, java 1.5.0_10 with tomcat >> 5.5.17 >> >> I really appreciate any help you could give me! &g

Re: Using 2 Realms for authentication and access control

Workman, Joe wrote: > I have an application that runs on tomcat that by default uses a > JDBCRealm to query a database for authentication. I would like to use > Kerberos for the user password authentication but still use my JDBCRealm > for access control through roles. I was hoping you

RE: Using 2 Realms for authentication and access control

I have not seen any response to this . . . . Can anyone help? Please?!? Cheers Joe From: Workman, Joe Sent: Friday, December 15, 2006 12:30 PM To: 'users@tomcat.apache.org' Subject: Using 2 Realms for authentication and access control I have an a

Using 2 Realms for authentication and access control

I have an application that runs on tomcat that by default uses a JDBCRealm to query a database for authentication. I would like to use Kerberos for the user password authentication but still use my JDBCRealm for access control through roles. I was hoping you could point me in the right direction

Access control by Host name problem

Hi every one, I want to control access to my application running on tomcat by Host names, I tried the class "org.apache.catalina.valves.RemoteHostValve" in the following manner I know that it takes a regular expression in the allow values, so I use (\.) to represent the dot(.) and

Re: Re: access control

> > From: "Zohar" <[EMAIL PROTECTED]> > Date: 2006/04/06 Thu AM 11:46:27 EDT > To: "Tomcat Users List" , > > Subject: Re: access control > > Can I grant access to some jsp pages and deny access to others (in the same > context)? &g

Re: access control

Can I grant access to some jsp pages and deny access to others (in the same context)? - Original Message - From: "Markus Schönhaber" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, April 06, 2006 17:23 Subject: Re: access control Zohar wro

Re: access control

Zohar wrote: > They used to be all "interface" servlets, but then I unified all external > interface access into one simple servlet that forwards the request to the > appropriate service. This way it should be easier to control the access to > that context (e.g., protect it with a password, deny ac

Re: access control

"internal" services, etc.). The "internal" contexts also provide service to other internal servers. - Original Message - From: "Markus Schönhaber" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, April 06, 2006 17:23 Subject: R

Re: access control

Zohar wrote: > I have a few servlets which are deployed to different contexts (each > servlet to its own context). One of these servlets acts as an interface to > clients, and it forwards the requests from clients to the appropriate > servlets. I don't want any of the non-interface servlets to be a

access control

Hello list, I have a few servlets which are deployed to different contexts (each servlet to its own context). One of these servlets acts as an interface to clients, and it forwards the requests from clients to the appropriate servlets. I don't want any of the non-interface servlets to be accessib

Tomcat Access Control using Application Authentication

over development of an existing Tomcat web application. There is already an application level scheme for authenticating users via a login page and stored login/password in a relational database. However, access control was poorly implemented across the JSP's. I cannot use JDBCRealm without m

Re: question about JNDIRealm and OpenLDAP with access control

added this to slapd.conf access to * by anonymous auth by users read Because I don't want to let anonymous users query ldap. Now when I login, I get http status 403 (access denied). Without ldap access control set, request.getUserPrincipal() prints this: GenericPrincipal[gary

question about JNDIRealm and OpenLDAP with access control

slapd.conf access to * by anonymous auth by users read Because I don't want to let anonymous users query ldap. Now when I login, I get http status 403 (access denied). Without ldap access control set, request.getUserPrincipal() prints this: GenericPrincipal[gary(member,)]