Re: security-constraint to limit jsp access

2004-12-18 Thread Parsons Technical Services
Jay,
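I think you need the auth-constraint tags.

  <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/security/protected/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>role1</role-name>
    </auth-constraint>
  </security-constraint>
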
Then don't give anyone that role.
Doug
- Original Message - 
From: "Jay Wright" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 18, 2004 7:55 PM
Subject: security-constraint to limit jsp access


I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being
accessed directly.  Instead of throwing them in the WEB-INF folder, I'd
rather just restrict access to them through the security-constraint in the
web.xml.

I recently read that adding:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JSPs</web-resource-name>
      <url-pattern>/struts/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
  </security-constraint>

to the web.xml file will restrict access to files in the directory from
direct URL access, but not from redirection or jsp forwarding, so they can
still be accessed through struts action mappings.
But this doesn't work.  It seems to be ignoring the constraint altogether,
as if I am missing an additional configuration.  Is there something I need
to add?

I know my mapping is correct because if I throw:

  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>

into the constraint, it does try to connect to the pages through a secure
channel.
I've scanned the web, now I'm on the mailing list: will this work and/or
what is the best way to prevent direct access to the JSPs?
Thanks,
Jay

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
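
Added example, not part of either poster's message: a Python check that reads a web.xml and reports what each security-constraint actually enforces. The three descriptors are constructed for illustration (the constraint as posted in the question, the unused-role form suggested in the reply, and the empty auth-constraint form from the Servlet specification); the role name "nobody" and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor; {methods} and {auth} are filled in below.
TEMPLATE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JSPs</web-resource-name>
      <url-pattern>/struts/*</url-pattern>{methods}
    </web-resource-collection>{auth}
  </security-constraint>
</web-app>"""

GET_POST = "<http-method>GET</http-method><http-method>POST</http-method>"
# As posted in the question: methods listed, no auth-constraint.
AS_POSTED = TEMPLATE.format(methods=GET_POST, auth="")
# As suggested in the reply: a role that is never granted ("nobody" is a placeholder).
UNUSED_ROLE = TEMPLATE.format(
    methods="", auth="<auth-constraint><role-name>nobody</role-name></auth-constraint>")
# An auth-constraint that names no roles denies every direct request.
DENY_ALL = TEMPLATE.format(methods="", auth="<auth-constraint/>")

def _named(parent, name):
    """Descendants called `name`, ignoring any XML namespace on the tag."""
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml):
    """Summarise what each security-constraint actually enforces."""
    findings = []
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        auth = _named(sc, "auth-constraint")
        if not auth:
            access = "open"  # no auth-constraint: nothing restricts who may request
        else:
            roles = [(r.text or "").strip() for r in _named(auth[0], "role-name")]
            access = "roles:" + ",".join(roles) if roles else "deny-all"
        methods = [(m.text or "").strip() for m in _named(sc, "http-method")]
        findings.append({
            "patterns": [(p.text or "").strip() for p in _named(sc, "url-pattern")],
            "access": access,
            "methods": methods or ["ALL"],  # only listed methods are constrained
        })
    return findings

if __name__ == "__main__":
    for label, doc in (("as posted", AS_POSTED), ("unused role", UNUSED_ROLE),
                       ("deny all", DENY_ALL)):
        print(label, audit(doc))
```

A constraint reported as "open" still applies any user-data-constraint it contains, which matches the observation in the question that CONFIDENTIAL took effect while access stayed unrestricted.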




WebDAV servlet and sub-webapp collection creation

2004-12-18 Thread Garret Wilson
Trying to get @#$! Jakarta Slide to work, I created a routine that would 
go through the elements of a URI path and create all collections that 
didn't exist (using the WebDAV MKCOL method). The first time I tried it 
out, it worked fine---but I had forgotten that I was using the Tomcat 
WebDAV servlet, which means the first part of the path is virtual:

"http://localhost/webapp/webdav/existing/new/file.txt"
In other words, "webapp" is my webapp and the Tomcat WebDAV servlet is 
mapped to "/webdav/*". "existing" already exists, but "new" does not.

The result of my test was surprising:
"http://localhost/webapp/" did not exist; created successfully
"http://localhost/webapp/webdav/" did not exist; created successfully
"http://localhost/webapp/webdav/existing/" exists
"http://localhost/webapp/webdav/existing/new/" did not exist; created successfully

The last two I expected---"existing" existed, and "new" didn't exist, 
yet was created successfully.

However, I didn't expect the servlet to think that "webapp" and "webdav" 
did not exist---and I certainly didn't expect the Tomcat WebDAV servlet 
to actually create them!

It turns out the Tomcat WebDAV servlet created the "webdav" directory 
inside my webapp root directory. This is incorrect, as "webdav" is a 
virtual directory mapped to the servlet---it makes no sense to create 
it, and it should probably show it as existing.

Stranger still is the successful creation of the "webapp" directory. 
Where did the Tomcat WebDAV servlet create this directory? I can't find 
it anywhere, and there's nowhere it would even make sense to create it, 
as it's simply a virtual directory mapped to my web app!

Garret
P.S. Tomcat 5.5.4; J2SE 5.0; WinXP Pro SP2


security-constraint to limit jsp access

2004-12-18 Thread Jay Wright

I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being
accessed directly.  Instead of throwing them in the WEB-INF folder, I'd
rather just restrict access to them through the security-constraint in the
web.xml.

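I recently read that adding:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JSPs</web-resource-name>
      <url-pattern>/struts/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
  </security-constraint>

to the web.xml file will restrict access to files in the directory from
direct URL access, but not from redirection or jsp forwarding, so they can
still be accessed through struts action mappings.

But this doesn't work.  It seems to be ignoring the constraint altogether,
as if I am missing an additional configuration.  Is there something I need
to add?

I know my mapping is correct because if I throw:

  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
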
into the constraint, it does try to connect to the pages through a secure
channel.  

I've scanned the web, now I'm on the mailing list: will this work and/or
what is the best way to prevent direct access to the JSPs?  

Thanks,
Jay






Re: extra directory in WebDAV servlet listing

2004-12-18 Thread Garret Wilson
Mark,
Mark Thomas wrote:
> Tomcat version?
5.5.4.
> JVM version?
5.0.
> OS?
Windows XP Professional SP2.
Garret


RE: Virtual Hosts and SSL

2004-12-18 Thread Benson Margulies
Some posters misunderstand virtual hosts.

The first step in creating a virtual host is to assign it a unique IP
address and host name. 

The second step is to configure the machine's ethernet adapter to have
several IP addresses. This is done on Unix/Linux by creating additional
devices with the : syntax and on Windows by adding them to the config
dialog box.

The third step is to configure the web server to know about all this.





Re: Admin for TC 5.5.4 on Linux SUSE 9

2004-12-18 Thread Daniel Watrous
Use firefox and open the Java Console.  This should list out any errors.
Daniel
- Original Message - 
From: "Lars Ohlén" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 18, 2004 11:44 AM
Subject: Admin for TC 5.5.4 on Linux SUSE 9

Hi,
The Admin application behaves strangely for TC 5.5.4 (or perhaps my browsers)

I cannot expand or fold any of the leaves in the left hand pane.
I'm not sure if this is a JavaScript problem or on the server side.
Any ideas?
/Lars




Admin for TC 5.5.4 on Linux SUSE 9

2004-12-18 Thread Lars Ohlén
Hi,

The Admin application behaves strangely for TC 5.5.4 (or perhaps my browsers)

I cannot expand or fold any of the leaves in the left hand pane.

I'm not sure if this is a JavaScript problem or on the server side.

Any ideas?

/Lars







Re: strongly typed collection in a scriptlet tag won't compile

2004-12-18 Thread Tim Funk
I believe JDT with tomcat does not support 1.5. Only 1.4.
-Tim
Connor Barry wrote:
I'm trying to compile this code:
<% Collection a = new ArrayList();%>
And I get this error:
-
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 10 in the jsp file: /test.jsp
Generated servlet error:
Syntax error on token "<", invalid AssignmentOperator
An error occurred at line: 10 in the jsp file: /test.jsp
Generated servlet error:
Syntax error on token "=", != expected
-
When I remove both cases of "", it compiles. I'm guessing the 
brackets need to be escaped but I can't figure out how.
I'm using Tomcat 5.5.4 with jdk1.5 and the Eclipse JSP compiler that's 
activated by default.




AW: Virtual Hosts and SSL

2004-12-18 Thread Steffen Heil
Hi

> I can't find anything specific to my question in the FAQs but I'm trying
> to set up a tomcat server with virtual hosts using https. I have two ips,
> each with its own SSL cert as I understand is necessary for https.
> What I want is to have each ip use port 443 with its own document tree
> (virtual host) but I cannot seem to get this to work. When I set up an
> additional ip to use port 443 I get an error 400 (bad request).

This should absolutely work.
Have 2 different engines, each with its own https-connector.
Bind these https-connectors to different IPs using its "address" parameter.

If this does not work, submit a bug.

Regards,
  Steffen




Re: setting up tomcat/JBOSS with apache

2004-12-18 Thread Laconia Data Systems
If you want to configure your webapp from within Apache HTTPServer I would
look at ProxyPass
e.g.
#Include in Proxy parameters to TOMCAT
#ProxyPass /myapp  http://localhost:8081/myapp
ProxyPass  /InvoiceEntry http://localhost:8081/InvoiceEntry
#ProxyPassReverse  /myapp  http://localhost:8081/myapp
ProxyPassReverse   /InvoiceEntry http://localhost:8081/InvoiceEntry

- Original Message - 
From: "B Wiley" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, December 16, 2004 1:58 AM
Subject: setting up tomcat/JBOSS with apache


>
> Hello, I'm confused on something basic. I understand how to set up mod_jk2
> and configure an app something like http://localhost/myApp/test.jsp such
> that the app myApp is sitting in the java container but can I have myApp
> sitting on apache i.e. /var/www/htdocs/myApp and configure a handler in
> httpd.conf that just forwards .jsp,servlets to the java container? All I
> see online and in every example is how mod_Jk helps you knock out the :8080
> but the apps have to be sitting in webapps.
>
> The reason I'm asking is I was hosting a site on a resin server and that
> server seems to have the setup I was describing, you can keep your apps on
> apache and just configure the http.conf.
>
> Thanks for anything, correct me please if I'm confused , i sure am confused
>
>
>





Re: Virtual Hosts and SSL

2004-12-18 Thread QM
On Fri, Dec 17, 2004 at 09:38:01PM -0700, Daniel Watrous wrote:
: I know that in apache, and I suspect that it is a general rule, an SSL 
: (HTTPS) connection requires a unique IP address.  In other words, virtual 
: hosts do not work with SSL.

Correct.  This is (or at least, should be) true all around: the SSL
negotiation takes place at a lower protocol level than the HTTP request
that specifies which virtual host the client wants to see.  Yet, it's
during the negotiation phase that client software compares the requested
hostname to the CN value of the cert.  

-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com





RE: extra directory in WebDAV servlet listing

2004-12-18 Thread Mark Thomas
Tomcat version?
JVM version? 
OS?

> -Original Message-
> From: Garret Wilson [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, December 18, 2004 12:53 AM
> To: 'Tomcat Users List'
> Subject: extra directory in WebDAV servlet listing
> 
> I have the WebDAV servlet set to 
> /webdav/*. 
> Listing is turned on.
> 
> I have a subdirectory in my webapp named "base", which 
> contains "dir1", 
> "dir2", and "dir3". "dir1" contains "test1" and "test2".
> 
> When I get a WebDAV directory listing of 
> http://localhost/webapp/webdav/base/dir1/ , I get back:
> 
> dir1
> test1
> test2
> 
> In other words, the WebDAV servlet is for some reason returning the 
> directory itself as one of its own subdirectories! Trying to 
> select that 
> directory gives a 404 not found.
> 
> In fact, it does this for every subdirectory, listing the directory 
> itself directory as if it were a subdirectory.
> 
> This bug is exhibited by accessing the servlet from Windows XP 
> Professional as well as from DAVExplorer.
> 
> Garret
> 
> 
> 
> 






strongly typed collection in a scriptlet tag won't compile

2004-12-18 Thread Connor Barry
I'm trying to compile this code:
<% Collection a = new ArrayList();%>
And I get this error:
-
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 10 in the jsp file: /test.jsp
Generated servlet error:
Syntax error on token "<", invalid AssignmentOperator
An error occurred at line: 10 in the jsp file: /test.jsp
Generated servlet error:
Syntax error on token "=", != expected
-
When I remove both cases of "", it compiles. I'm guessing the 
brackets need to be escaped but I can't figure out how.
I'm using Tomcat 5.5.4 with jdk1.5 and the Eclipse JSP compiler that's 
activated by default.

Thanks!