-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Breno,
Breno Jacinto wrote:
/foo/bar.jsp?id=1324 27ms
/foo/bar/jsp?id=1235 31ms
/foo/baz.jsp 897234ms
Is this filter provided by Tomcat? Is there any documentation on
this? The information would be very helpful, indeed.
Nope. You'll have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Delian,
Delian Krustev wrote:
Really? From your other message, you make it look like Java is taking
something like 1GB of memory. Sure, the JVM adds some overhead to the
heap size you configured, but it shouldn't be more than 5% or 10%...
nothing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
RK,
RK wrote:
So my question here is there anyway in Tomcat I can redirect all the
requests coming through https://mydomain.com be forwarded automatically to
https://www.mydomain.com.
Although you can do this, the user is still going to see the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aaron,
Aaron Brown wrote:
When a user requests a struts action that doesn¹t exist (i.e.
http://mysite.com/foo/doesntexist.do), Tomcat throws an exception and stack
trace instead of a 404 error. Any idea how to configure Tomcat (or struts?)
to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
You need a collection that is:
David kerber wrote:
I need to have some kind of list or collection that I can search quickly
for a specific entry
Hashed
and then start stepping through the list item by
item from that point.
Linked
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve,
Steve Ochani wrote:
Keeping less data in each node should make searching the list fast.
Huh? I'm pretty sure that pointer dereferencing performance does not
depend on memory size (ignoring memory paging, of course).
- -chris
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Karsten,
You didn't mention if you were running Tomcat as a service. I'll assume
you are.
Karsten Silz wrote:
The call to CoCreateInstanceEx in the DLL is returning an error
code of 0x800706BA, which translates to the message The RPC server
is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan,
Dan Ciarniello wrote:
I am putting together RPMs for apache and tomcat and I want to
include the mod_jk connector with the apache RPM
:(
Don't do that; instead, have a separate RPM that just contains mod_jk
and maybe a script to install it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
I'm already on my 3rd attempt at optimization for this section. The
first round was having the db do _all_ the work, submitting a
complex query (a view, actually) and returning a resultset with all
the data I need. The query took
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David kerber wrote:
My primary job is database design and management; the java side is where
I'm weak, and I've spent a LOT of time on these queries, including
pushing through some design changes that have helped a lot, but not enough.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luis,
Luis Villa wrote:
Is there a way to avoid the \0 problem? (XML does not allow to
specify this character)
Can you do:
alias=tomcat#00;
?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Uma,
Uma Kalluru wrote:
I am using Struts1.x with Tomcat 5.5 and I see lots of problems in the
log file. Actually I am using Struts data source manager to create
connection pool at the startup of the server.
It's a bit off topic, but you should
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Shekhar,
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] /usr/local/apache-tomcat-5.5.25/conf]: oslevel -r
5300-07
How about:
(in /usr/local/apache-tomcat-5.5.25/conf)
$ head context.xml
Can we get a copy of the stack trace, too?
- -chris
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Uma,
Uma Kalluru wrote:
But I am still wondering, if there was connection timeout and the
first user gets an error. Why should the whole application go down?
It shouldn't (go down).
I mean no other user can use the application after the error.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Shekhar,
[EMAIL PROTECTED] wrote:
Christopher Schultz wrote:
How about:
(in /usr/local/apache-tomcat-5.5.25/conf)
$ head context.xml
[EMAIL PROTECTED] /usr/local/apache-tomcat-5.5.25/conf]: head context.xml
?xml version=1.0 encoding=UTF-8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Delbecq wrote:
Login form should contains only login informations (cf J2EE specs).
I agree that login forms should only contain login information, but I
question the J2EE spec's interpretation of what should be considered
login
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve,
Steve Mitchell wrote:
I'm using a JDBC realm with a site and sometimes when you try to
access a secured resource you get a blank page after logging in. You
have to refresh the page to get the secured resource to appear. After
that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve,
Steve Mitchell wrote:
I saw a connection already closed message from one of my DAOs and I
found a SQLExceptions from MOD_JK.
mod_jk shouldn't be throwing any exceptions. I think you mean that the
database driver is doing that.
It looks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gene,
Eugene Poole wrote:
I'm looking for some reasonably simple instructions on getting Tomcat
and Apache working together.
Well, there's always
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html but
if that's too complex,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Askwin,
ashwin soorkeea wrote:
When using the response.sendRedirect(/myexample) in my java class,
i do not want the servlet engine to reconstruct an absolute URL,
before sending the response to the browser.
This request violates the servlet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Abel,
Abel MacAdam wrote:
- Why should one connect Tomcat to Apache?
If you don't know, then you don't need to connect them: use Tomcat all
by itself in this case.
- Should you connect Tomcat 6.0.14 to Apache 2.2.6?
Any version of Apache httpd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
Martin Gainty wrote:
I was curious what happened if I followed stephen's advice
environment: TC 5.5.17
You didn't mention a win32 environment, which has case-insensitive paths. :(
%CATALINA_HOME%\webappsdel ROOT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave wrote:
Is there a solution for this scenario? the same security hole for
cookie based session tracking? In our case, we have to use URL
rewriting because sometimes a new session is needed when users click
some links on pages.
In my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Abel,
AbelMacAdam wrote:
I checked to documentation. As far as I can see I do not have to do anything
to get Tomcat configured again.
Probably not; just make sure that you have an AJP Connector enabled in
your server.xml file.
mod_jk.so is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Louis,
Louis wrote:
When trying to decide which Authentication I should use I reviewed the
source for the existing ones and realized that none of them would work.
The existing authenticators all check to see if a principal is already
in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Richard,
Richard Reyes wrote:
Please send suggestions on how to improve the tomcat performance.
Just turn off the suck bit:
$ JAVA_OPTS=-Dsuck=false
$ $TOMCAT_HOME/bin/startup.sh
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robin,
robingandhi21 wrote:
| Please let me know if anybody has an idea about tomcat being FIPS
compliant.
Good question. I would imagine that if your JVM is not (i.e. Sun, etc.)
FIPS compliant, than Tomcat could not be, either. Any idea if Sun's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cuco,
cuco2772 wrote:
| Thanks for the link. Under the DBCP heading it states 'Versions of mysql
| ...that have been known to work'. I dont see any mention of my
| version, 5.0. Could that possibly be an issue as far as things like JDBC?
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
GF,
GF wrote:
| can you give me a link about setting up a secure JSessionID cookie? I
| mean to let it pass over HTTPS and not HTTP.
I believe if your session starts through HTTPS, the cookie will be
marked as secure and it won't be sent if the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anthony,
Berglas, Anthony wrote:
| We have an app that uses connection pooling, but tries to specify the
| username/password in the code. In particular, it does not want the
| password to be in plain text in an xml file. There is only one username
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cuco,
cuco2772 wrote:
| So it seems to be complaining about my context.xml. The offending line
| looks to be :
|
| Context path=/DBTest docBase=DBTest
| debug=5 reloadable=true crossContext=true
|
| Could the path attribute be incorrect ? I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
German,
[EMAIL PROTECTED] wrote:
| When I logging in my webApp, I' m been redirected to SiteMinder (that
part
| is ok), then SM redirect me to tomcat (it s mean to the root /),
appending
| some special headers, (and that part is ok).
|
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
German,
[EMAIL PROTECTED] wrote:
| JkMount / worker1
|
| And the special headers are coming.
|
| JkMount /RS/* worker1
|
| BUT !!! in this case I lose the special headers.
If it's working for / but not for other URLs, I don't believe there is
any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
GF,
GF wrote:
| I believe if your session starts through HTTPS, the cookie will be
| marked as secure and it won't be sent if the user switches to non-secure
| HTTP.
|
| Maybe my question is stupid, but, is it possible to browse a site on
| HTTP and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andris,
Andris Eiduks wrote:
| We use JNDIRealm for users authentication from Tomcat again OpenLDAP.
| But users doesn't get notifications about password expiration.
|
| It is possible for current solution (Tomcat and OpenLDAP) ?
| Or we must create
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris,
Chris Mannion wrote:
| I'm not sure this is exactly the place to be asking but I can't think of
| anywhere else so here goes. I have the same piece of code running on two
| different Tomcat installations, one Tomcat 5.0, the other Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
B,
B McFee wrote:
| Hi, My tomcat worked before but now for some reason the browser won't
| find the localhost. I am using the same
| address(http://localhost:8080 etc) Also for some reason it wont shut
| down when I type inbin/shutdown Here is the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gavan,
Gavan Hood wrote:
| My web app is very simple, two servlets already installed so no war
| file. Once it finally gets going it is very responsive, the
| initialization just takes forever...
A few quick questions:
Do your servlets perform any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gavin,
Er, forget my ravings about SSL initialization. I forgot that you said
you were seeing very high CPU utilization. Waiting for randomness would
not behave that way.
- -chris
Christopher Schultz wrote:
| Gavan,
|
| Gavan Hood wrote:
| | My
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Frank,
印华 wrote:
| In my design, I
| [have divided] the server side into several separate logic parts, and each
| part is deployed on a separate Tomcat server. e.g. the first tomcat
| server is to process login request, second tomcat server is to
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bob,
Bob Riaz wrote:
| Thank you, David. The jsp is on my development machine. I'm doing all my
| testing locally, so I wouldn't think this would be an issue. However,
I have
| been changing my system clock to test some time sensitive aspects of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Delbecq wrote:
| En l'instant précis du 17/01/08 15:46, Chad Kellerman s'exprimait en ces
| termes:
| Tomcat Users,
| I have been googling Tomcat thread dumps and have not seen what I
| want
| to accomplish anywhere...
|
|Is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jonadan,
Jonadan wrote:
| I need to start database before any servlet gets first request.
~From the servlet specification for
ServletContextListener.contextInitialized:
Notification that the web application initialization process is starting.
All
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Filip,
Filip Hanik - Dev Lists wrote:
| this is not a cluster error, basically, you are storing a map in the
| session, and someone is modifying the map while the cluster is trying to
| replicate it
How should this be solved? The OP could really
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Claire,
Claire Dugenet wrote:
| The first DLL, created with JNI, works well. Because : there are several
| fonctions in the second DLL (this one in language C).
I would imagine that they are both written in C, yes?
| The first function
| (which
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Filip,
Filip Hanik - Dev Lists wrote:
| the solution is to not store stuff in the session modified by other
| threads, if that's the case, then its not really something you wanna
| store in a session
What's wrong with modifying something in a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eric,
Eric B. wrote:
| After further debugging, I noticed that my compiled JSP class file has a
| response.setContentType( text/html ) as pretty much the first
functional
| line in the _jspService() method. I checked my jsp file and don't
have that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Albrecht,
Albretch Mueller wrote:
| How could you then specify a different (virtual) host accepting only
| https connections, that would authenticate the user and then somehow
| communicate to the particular webapp Sec Realm so the user is
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris,
Chris Baty wrote:
[snip]
Did you mean to turn off the cwrecyclers worker? It's not listed in
the worker.list:
| worker.list=yougarage
??
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tc,
tc wrote:
| The developers think there may some issue with the database. They have
| also done multi-user testing without being able to reproduce the problem.
If they think it's the database, it's probably their code interacting
with the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter,
Peter Crowther wrote:
| From: Andrew Hole [mailto:[EMAIL PROTECTED]
| Is there any benchmark test available that allow me to
| determine the number
| of concurrent requests that Tomcat supports for a particular type of
| hardware?
|
| You
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Albrecht,
Albretch Mueller wrote:
| Let me get this straight: you want to create a webapp that does nothing
| other than authenticate connections for another webapp?
|
| Why would you want to do something like this?
| ~
| Well, what else would you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eric,
Eric B. wrote:
| Ahhh yes - my mistake for not being clear enough. I had already
discovered
| that. Or another option is to put % response.setContentType(
text/css )
| %. However, I am looking more in the sense that I don't want Jasper
to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tc,
tc wrote:
| Thanks for the suggestions. I will have a look at the source and see how
| the app is interacting with the database.
|
| I don't think the whole tomcat server freezes; just the one application.
Okay. That could be an app-specific
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eric,
Eric B. wrote:
| Multiple reasons, one main one primary one being that we have styles
defined
| on a per-user basis, stored in a database. So rather than generate an
| entire CSS file on the fly, this allows us to display certain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Frank,
frank wrote:
| I try to arrange all the services on one webserver, anyway if it need
| to be devided into several servers, I have to find a way to communicate
| between the servers, and I may use JMS or RMI to implement this. How
| about the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Brown wrote:
| Hello, are talking about between TC instances or one or more
| applications (dot).war deployed under one or more TC instances?
The OP indicated that separate Tomcat instances were involved.
- -chris
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Filip,
Filip Hanik - Dev Lists wrote:
| if you look at the stack trace, there is no error in the clustering
| code. something is modifying your session attribute while the cluster is
| trying to send it
I'm suggesting that this should not be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
B,
B McFee wrote:
| I tried the attached and got the following output which I don't
| understand:
|
| Proto Local Address Foreign AddressState
| TCPC36432-B:8007 C36432-B:0 LISTENING
| TCP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Filip,
Filip Hanik - Dev Lists wrote:
| no, its just common sense, given that the session should represent a
| client state,
| and by the time the cluster tries to serialize it, the request is over.
There's no guarantee that the request is complete
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
Caldarale, Charles R wrote:
| From: Diogenes Gomes [mailto:[EMAIL PROTECTED]
| Subject: Re: Problem with protecting pages in Tomcat 5.5
|
| Please, do you know how to define any role?
|
| I don't believe the servlet spec allows for such a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ofer,
Ofer Kalisky wrote:
| That's what I'm saying, I've been sitting on this for two days and can't
| figure it out.
Does your JSP disable sessions? It's possible that your python script is
creating millions of (unused) sessions that don't expire
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Filip,
Filip Hanik - Dev Lists wrote:
| In fact, you still are not covered, because removing the object from the
| session merely removes the reference. If the session replicator is
| running and copying, say, a Map to another machine in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Farhan,
mfs wrote:
\ I have got my web app deployed on the tomcat 6.0.13, I wonder what
| configuration do i have to do so as to make tomcat (built-in http server)
| handles the scenario where a user has disabled the cookies on the
browser ?
Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Clay,
Clay Collier wrote:
| I'm running Tomcat 5.5.25, but I think I've found the problem. When I
| deployed the application onto the production server, the server was
| unable to set up the connection pool until I added an additional
| Resource
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Murthy,
Murthy Chelankuri wrote:
| In my web application i have enabled http/https connector. When i am
| using in https mode for the first request session variables are not
| getting set properly. From the second request onwards its working fine.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve,
Steve Parker wrote:
| So, you're saying that if I have a single deployed webapp, and I just
| enter a few such domains (e.g., c1.mydomain.com, c2.mydomain.com, etc)
| into DNS to point to this server, that tomcat will automatically
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
Can anyone point me to a copy of the text of the Servlet Spec 2.5? All I
seem to be able to find is a ZIP file on Sun's site which contains the
reference JAR file and javadocs.
What I'm looking for is a PDF like you can easily get for the 2.4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
Caldarale, Charles R wrote:
| From: Christopher Schultz [mailto:[EMAIL PROTECTED]
| Subject: Servlet Specification 2.5
|
| Can anyone point me to a copy of the text of the
| Servlet Spec 2.5?
|
| http://jcp.org/aboutJava/communityprocess/mrel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Delbecq wrote:
| Perhaps you can create a
| custom valve to do so (Alter response to change cookie domain, alter
| request to change the other way) :)
You only have to change the outgoing cookie domain; the browser does not
send the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tony,
Tony Chamberlain wrote:
| No, it is not time sensitive. It is command sensitive (if that makes
| sense).
| Clicking a certain button in a jsp form
Then Tomcat should not have crashed. Did the JVM actually go down, or
did you just get an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David wrote:
| Where is the context element located (which xml file)?
You have a couple of choices. The easiest is to put a file in your
webapp called META-INF/context.xml (yes, that's META-INF, not WEB-INF)
that contains your Context
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
kr1,
kr1 wrote:
| I need to place a new jar file into lib while server is running.
| How can we load this jar(entirely a new file) into tomcat's current
| classpath without restarting the server.
|
| Could you please suggest me how to do it?
If you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
Caldarale, Charles R wrote:
| From: David Schwartz [mailto:[EMAIL PROTECTED]
| Subject: auto-run updated classes
|
| What is the setting/config to automatically run updated classes
| (without having to restart Tomcat each time I compile a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave wrote:
| For cookie-based session tracking, when a user clicks a link on a
| jsp page, how to make the request belong to a new session, not
| existing session.
Since there can only be one session (JSESSIONID) cookie for any given
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave wrote:
| Use two separate instances of the web browser.
|
| this is the best solution. Is there a way for openning a new
| instance of web browser such as IE by clicking a link on JSP page?
Not reliably. Aren't thin clients great?
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Huragan,
Huragan wrote:
| I am new to j2ee and have been trying to understand how cookies work.
Cookies are independent of the J2EE specification: they are part of the
HTTP specification. The servlet specification (part of J2EE) says that
cookies
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Richard,
Richard Buck wrote:
| Anyone else seeing this? What changed between 6.0.9 and 6.0.14?
Google is your friend:
http://www.security-database.com/detail.php?cve=CVE-2007-0450
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan,
(While others are handling your primary question, I thought I'd mention
a couple of things)
Dan D. wrote:
| I'm currently working on upgrading our systems from using Tomcat
| 5.0.27 to 6.0.14.
While you're at it, you might want to:
* If
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Max,
Max Sevenfold wrote:
| I would like to disable low grade encryption in Tomcat.
Are you using Tomcat's native APR library?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Max,
Max Sevenfold wrote:
| Right now I am using pure Java solution with keystore.
| I am debating to move to APR.
What version of Tomcat are you using? Can you post your Connector
configuration from server.xml? That would be very helpful in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Max,
Max Sevenfold wrote:
| compression=on
| compressionMinSize=2048
| noCompressionUserAgents=gozilla, traviata
|
compressableMimeType=text/html,text/xml,text/javascript,text/css,text/javascript,text/plain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christoph,
Christoph Lenggenhager wrote:
| I'm currently trying to find a way to fight Session Fixation
| (http://www.owasp.org/index.php/Session_Fixation) in tomcat when using
| the built -in mechanisms to authenticate users of a servlet.
I don't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Max,
Max Sevenfold wrote:
| Chris,
|
| Thank You. I just got solution from colleague. I was going to post it
here.
Yes, please post your solution, including complete instructions.
Post it under a new thread so folks who haven't been reading this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
david delbecq wrote:
| Sorry Christopher, but i tried at work, it's very easy to force a user
| to use a specific sessionid, and later use yourself that session id to
| gain that user's credential, and for the whole session there is only one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
Christopher Schultz wrote:
| This is interesting for the securityfilter project, which DOES allow
| drive-by logins. Hmm. I'll have to think about this one. Thanks!
I checked, and a login attempt on an existing authenticated session
results
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eric,
Eric B. wrote:
| Caldarale, Charles R [EMAIL PROTECTED] wrote in message
|
news:[EMAIL PROTECTED]
| Subject: Custom 404 for non-existant contexts?
|
| Is there a way to create a custom 404 error page for Tomcat
| for non-existant context
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greg,
Gregory Gerard wrote:
| A follow up question for 100: why does the spec define this at all
I think they explicitly set the session id parameter and cookie name
so that different implementations would be compatible. In some cases,
you may need
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave wrote:
| I moved the user-data-constraint inside the
web-resource-collection as the following:
|
|security-constraint
| web-resource-collection
| web-resource-nameAutomatic SLL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gary,
Gary Weaver wrote:
| I get the following error, because those two page elements are relative
| to the webapp and not to the host part of the URL:
|
| HTTP Status 404 - /caladmin/Shibboleth.sso/Login
:(
Yeah, the spec says:
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave wrote:
| I tried the method, it worked.
| But when I tried to protect login page only,
|
| web-resource-collection
| web-resource-nameprotected
pages/web-resource-name
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gary,
Gary Weaver wrote:
| I'm having trouble finding a way (maybe it is because it isn't
| possible?) of making Tomcat send users to the relative URL
| /Shibboleth.sso/Login (not served by Tomcat) in order to login if
| the Tomcat session times
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
John Caron wrote:
| I may need to make many such transfers to satisfy the request, so
| sendfile doesnt seem like it will work.
In this case, are you sure that HTTP is really the protocol for you?
It's not too difficult to write a NIO-based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave wrote:
| The url is not changed when I point to
| http://www.mydomain.com/login.html in browser. The .html is mapped to
| servlet. I expected it to change to https://
I think David identified part of the problem: your XML is not set
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Delbecq wrote:
| I think this is worth submitting a security issue request on tracker,
| to ask that, at least, the container links the requester IP to the
| session.
I'm pretty sure that nobody will want to do this -- at least not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vitaly,
Vitaly Baranovsky 2 wrote:
| I have application developed not by me. This application adds new data to
| http threads at each requests. So, periodically there is memory overload,
| because threads are not destroyed after each request because
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
david delbecq wrote:
| I would more be thinking about applications that plays with
| sessionlistener and maintain list of active session (to track number of
| users / who is logged in, etc). Like ip-session id matching, a change
| id on the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vitaly,
Vitaly Baranovsky 2 wrote:
| Yes, data is added to ThreadLocal with every request.
| I can't modify this application.
|
| Does anybody knows, how to turn off thread pool? I want threads are
created
| before each requests and destroyed after
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Raghuveer,
Raghuveer wrote:
| This is regarding the damage of polish messages from struts application
| deployed on Tomcat on Linux and Windows XP .
|
| I get polish messages from SAP that to be displayed in JSP page.
|
| I have set ISO8859_2 in JSP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jason,
Jason Ling wrote:
| When the file is invoked,
| it only returns the header row of the table (First Name, Last Name, User
| Name, Password), but does not return the expected records from the Oracle
| data table.
[snip]
| %! DataSource ds; %
501 - 600 of 13409 matches
Mail list logo
