Re: Single authentication between IIS Tomcat - My ip-based solution okay?
John,

You definitely don't want to rely on an IP address, which can be spoofed, proxied for use with many users (as in the case of AOL), and change between HTTP requests with some proxy servers. What you're looking for is a web single sign-on solution. I'm in the process of writing a white paper on security requirements that should be considered for a web single sign on solution and will send you a link to the document when I post it.

Gary

John Klancer wrote:

Hello

Let me preface by saying my knowledge and experience with security is primitive. I am now working on a project wherein we have a set of ASP pages with a custom authentication process. I have embedded a servlet into one of these ASP pages but want to avoid making the user authenticate twice (once for the ASP pages, once again to access the servlet). To that end, I have been doing a lot of online research, but haven't found any pre-existing solutions (which surprises me). First question - does anyone know of anything already out there?

If I do have to create my own solution, I was thinking of having IIS, on the user's authentication, store the IP address of the authenticating user in a file on the server (say %TOMCAT%\conf\auth-users.xml or something). Then, when the user attempts to access the servlet, a custom Realm would check to see if his/her ip is in auth-users.xml and grant/deny access based on that. My question is - is this feasible? Equally important, is it truly secure?

Thanks for helping out a total security n00b.

- John

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

--
Gary Gwin
http://www.cafesoft.com

The Cafesoft Access Management System, Cams, is security software that provides single sign-on authentication and centralized access control for Apache, Tomcat, and custom resources.
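The shared-proxy problem raised in the reply above, next to one way a login page could hand identity to the servlet without relying on the client address. This is an added example, not code from either poster or from Cams; the token format, the shared key and all class and method names are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

/** Added illustration: an IP-keyed "already authenticated" list vs. a signed, expiring token. */
public class SsoHandoffDemo {

    // The IP-file idea from the question, modelled as an in-memory set (hypothetical).
    static final Set<String> authenticatedIps = new HashSet<>();

    static boolean ipRealmAllows(String remoteAddr) {
        return authenticatedIps.contains(remoteAddr);
    }

    // Assumption: the login side and the servlet side share this key out of band.
    // The value is a placeholder; a real key would be random and kept out of source code.
    static final byte[] SHARED_KEY =
            "replace-with-random-32-byte-key".getBytes(StandardCharsets.UTF_8);

    static String hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SHARED_KEY, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    /** Token format (constructed for this example): base64url(user).expiryEpochSeconds.mac */
    static String issue(String user, long expiresAt) throws Exception {
        String payload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(user.getBytes(StandardCharsets.UTF_8)) + "." + expiresAt;
        return payload + "." + hmac(payload);
    }

    /** Returns the user name if the token is authentic and unexpired, otherwise null. */
    static String verify(String token, long now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        String payload = parts[0] + "." + parts[1];
        byte[] expected = hmac(payload).getBytes(StandardCharsets.UTF_8);
        byte[] actual = parts[2].getBytes(StandardCharsets.UTF_8);
        // Check the MAC before trusting any field; isEqual compares in constant time.
        if (!MessageDigest.isEqual(expected, actual)) return null;
        long expiresAt;
        try {
            expiresAt = Long.parseLong(parts[1]);
        } catch (NumberFormatException e) {
            return null;
        }
        if (now >= expiresAt) return null;
        try {
            return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed scenario: alice and mallory reach the site through the same proxy address.
        String proxyIp = "203.0.113.10"; // documentation range, constructed
        authenticatedIps.add(proxyIp);   // alice logs in through the ASP pages
        System.out.println("IP list admits mallory, who never logged in: "
                + ipRealmAllows(proxyIp));

        long now = System.currentTimeMillis() / 1000;
        String token = issue("alice", now + 300); // valid for five minutes
        System.out.println("valid token  -> " + verify(token, now));
        System.out.println("expired      -> " + verify(token, now + 301));

        // Change the last character of the MAC to simulate tampering.
        char last = token.charAt(token.length() - 1);
        String forged = token.substring(0, token.length() - 1) + (last == 'A' ? 'B' : 'A');
        System.out.println("tampered     -> " + verify(forged, now));
        System.out.println("missing      -> " + verify("", now));
    }
}
```

The token is a bearer credential, so it only helps if it travels over HTTPS and is short-lived, as the five-minute expiry here suggests.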
Re: Basic Auth with Apache+Tomcat
Tim,

If you're still considering a web single sign-on solution for Apache/Tomcat, take a look at Cams. It's much more cost-effective than SunOne Identity server, and gives you quite a bit of value add over Apache or Tomcat security: http://www.cafesoft.com/

Let us know your thoughts,

Gary

Tim O'Donnell wrote:

Hi all,

I was hoping someone here could confirm a suspicion of mine, as I've been unable to uncover a definitive answer searching other forums (web, javasoft forum, mailing list archives).

I've setup Apache web server to perform basic auth against a webapp directory in tomcat. I'm using the jk connector to forward certain contexts and jsp requests to Tomcat. The authentication works as expected. However, the REMOTE_USER (via request.getRemoteUser() method) environment variable returns null when I try to access it from Tomcat. That variable, however, is populated when I inspect it with the printenv cgi-script running in Apache.

Is this simply because Apache and Tomcat are two separate containers and don't share that environment info? Or am I doing something wrong? I suspect what I'm trying to do isn't possible, but I'd really appreciate someone confirming this for me.

Thanks for your time,

Tim
Re: Multiple Virtual Hosts Single Sign On
Victor,

You might take a look at our centralized security server, Cams. Cams provides SSO via Apache or Tomcat to subdomains as you show in your request. You can find out more at http://www.cafesoft.com.

Good luck and let us know if you have any questions,

Gary

Victor Soares wrote:

Hello,

I have dug through the tomcat-user archives and have seen this question come up several times, but there was no concrete solution so I'll bring it up again.

For an upcoming project, I am going to have 3 websites. ex:

library.ci.tigard.or.us
police.ci.tigard.or.us
www.ci.tigard.or.us

Each website will have some features that require a login. It would be logical to have the same username and password for all 3 and even more logical for the user to only have to authenticate once for all 3 and have his/her session data maintained and available to all 3. Is there a single sign on solution that would provide that capability?

This concept of single sign on should not be confused with Tomcat's SSO. Tomcat's SSO only provides SSO for different contexts within one virtual host. This is more of a SSO solution along the lines of the .net passport.

Any help would be much appreciated.

Thanks,

- Victor Soares
Re: Is there a way to use Apache Authentication on jsp pages located on a different server?
You can use mod_jk and Apache security to secure Tomcat URLs on the remote server. The only thing you'll lose is access to servlet API calls like request.isUserInRole() as the Tomcat container will no longer be aware of the user's identity.

Gary

Raiden wrote:

I'm using Apache 2.0.43, and Tomcat 4.1.18 (which is located on a separate server). Is there a way to use Apache basic authentication to authenticate these pages, when they exist on a separate server? When they're on the same server, I can just create a Directory tag, and set the authentication. But how do I do this when the jsp files are not on the same file system?

Thanks,

Raiden
Re: limiting access by IP address
An IP address cannot be changed mid-stream and cannot be easily faked (without the cooperation of the intervening network systems). The Apache distribution has long included mod_access for this purpose, and it is widely used. With Apache, you can either specify to deny or grant access to an IP address using regular expression syntax. See the Apache documentation for more information.

Using IP addresses for access control is very useful within company intranets (e.g. the engineering department has access but the marketing department does not). It can also provide pseudo-firewall capabilities to deny Internet access to bad guys, or only grant access to users from a specific company. When accompanied with user authentication, it provides an extra measure of security (known as two-factor authentication).

Generally, authentication (or identification more specifically) is a function of:

- Something you know (a username and password)
- Something you have (a smartcard or IP address)
- Something you are (biometrics)

Gary

Joel Rees wrote:

You can do the same things with Valves and Filters for free.

Stupid question, but what exactly is the point of limiting access by IP address? (IP addresses being spoofable, and all, ...)
Re: RewriteRules and Standalone Tomcat
Yes, but your requests must be passed through Apache to Tomcat-Standalone via mod_jk. We do this on our site and it works nicely. The URL requests are processed by mod_rewrite before mod_jk forwards them to Tomcat, so the Apache behavior you desired is achieved.

I don't think that Tomcat-Standalone means what it looks like it should mean, if you know what I mean ;-)

Gary

neal wrote:

Oh, does that mean it *is* possible to use RewriteRules with Tomcat Standalone then? :-\

Neal

-----Original Message-----
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 1:04 PM
To: 'Tomcat Users List'
Subject: RE: RewriteRules and Standalone Tomcat

Yes, specific to a Tomcat issue, but the solution incorporates Apache. :)

John

-----Original Message-----
From: neal [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 3:54 PM
To: Tomcat Users List
Subject: RE: RewriteRules and Standalone Tomcat

Oh. :(

But this was actually a solution offered specific to a Tomcat issue:

Issue: Unlike Apache, tomcat automatically redirects to the welcome page, rather than forwarding. In other words, to present the welcome page tomcat will literally redirect (http 302) to www.xyz.com/index.html, rather than staying at www.xyz.com. I do not want this effect as I am afraid it will have negative effects on my search engine placement.

I was given the advice to use a RewriteRule to fix this problem. If this is not the solution, does anyone know what the solution is? I was told this is actually a feature of tomcat ... I call it a PAIN IN THE ASS, and a serious oversight for standalone Tomcat.

Anyone know a solution?

Thanks.

Neal

-----Original Message-----
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 7:16 AM
To: 'Tomcat Users List'
Subject: RE: RewriteRules and Standalone Tomcat

Beat me with a stick if I'm wrong, but RewriteRule is for Apache when using mod_rewrite, I don't think you can use it in server.xml or web.xml.

John

-----Original Message-----
From: neal [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 4:51 AM
To: Tomcat Users List
Subject: RewriteRules and Standalone Tomcat

What exactly is a RewriteRule and how is it used with Standalone Tomcat? Do I define my RewriteRules somewhere in server.xml or web.xml?

A couple of months ago, Noel told me how I could get Tomcat to show the content of the default welcome page without redirecting (http 302) to the file, using a RewriteRule. I took notes from that email and set it aside only to realize when I returned ... that I have no idea what to do with this info! And of course no info is available (that I could find) online or in the Tomcat manual explaining this. :(

Could someone please explain how this RewriteRule would be integrated into Tomcat:

    RewriteRule ^/$ /index.html [L]

Thanks!

Neal
Re: limiting access by IP address
You can do this using our Cams access management product with Tomcat (see http://www.cafesoft.com). The XML looks like this:

    <!-- Example 4 - allow access to only host 127.0.0.1 -->
    <host-acr id="allow ip rule">
      <allow-address>
        <address>127.0.0.1</address>
      </allow-address>
    </host-acr>

    <!-- Example 6 - allow access only to localhost -->
    <host-acr id="allow host rule">
      <allow-host>
        <host>localhost</host>
      </allow-host>
    </host-acr>

Note that rules based on hostnames should be considered risky as they are subject to DNS lookups resolving.

With Cams, you can also chain rules with operators. So, you could make a rule like:

    <!-- Allow only authenticated users with role manager from the internal LAN -->
    <acr id="allow managers from LAN">
      <role-constraint>
        <role-name>manager</role-name>
        <role-class>com.cafesoft.cams.auth.CSUserPrincipal</role-class>
      </role-constraint>
      <and/>
      <allow-address>
        <address>192.168.0</address>
      </allow-address>
    </acr>

Gary

icewind wrote:

Could anyone tell me how to limit access to a particular servlet by IP address or hostname? Any pointer to documentation that cover this topic would be appreciated.
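For readers building the chained "role manager AND internal LAN" rule by hand, for instance in a servlet Filter as suggested in the earlier "limiting access by IP address" thread, the address test is the part that is easy to get wrong. This is an added example, not Cams code and not from any poster; it assumes the internal LAN is 192.168.0.0/24, and the class and method names are hypothetical.

```java
/** Added illustration: "role manager AND client address on the internal LAN" as a plain-Java check. */
public class LanRoleRule {

    /** Parses a dotted-quad IPv4 literal into an int, or returns null. No DNS lookup is involved. */
    static Integer parseIpv4(String s) {
        if (s == null) return null;
        String[] parts = s.split("\\.", -1);
        if (parts.length != 4) return null;
        int value = 0;
        for (String part : parts) {
            if (!part.matches("\\d{1,3}")) return null;
            int octet = Integer.parseInt(part);
            if (octet > 255) return null;
            value = (value << 8) | octet;
        }
        return value;
    }

    /** True if addr lies inside network/prefixLen. Unparsable input is denied, never allowed. */
    static boolean inCidr(String addr, String network, int prefixLen) {
        Integer a = parseIpv4(addr);
        Integer n = parseIpv4(network);
        if (a == null || n == null || prefixLen < 0 || prefixLen > 32) return false;
        // A shift by 32 is a no-op in Java, so /0 needs its own case.
        int mask = prefixLen == 0 ? 0 : -1 << (32 - prefixLen);
        return (a & mask) == (n & mask);
    }

    /** Textual prefix test, shown only for comparison: it is not a network match. */
    static boolean naivePrefix(String addr, String prefix) {
        return addr.startsWith(prefix);
    }

    /**
     * The chained rule: the caller must hold the role AND come from the LAN.
     * In a Filter the two inputs would come from request.isUserInRole("manager")
     * and request.getRemoteAddr().
     */
    static boolean allow(boolean userInManagerRole, String remoteAddr) {
        return userInManagerRole && inCidr(remoteAddr, "192.168.0.0", 24);
    }

    public static void main(String[] args) {
        // Constructed inputs.
        System.out.println("manager on LAN       : " + allow(true, "192.168.0.17"));
        System.out.println("manager off LAN      : " + allow(true, "192.168.1.17"));
        System.out.println("non-manager on LAN   : " + allow(false, "192.168.0.17"));
        System.out.println("hostname as address  : " + allow(true, "localhost"));

        // Why a string prefix is not a subnet: "192.168.1" also matches 192.168.10.x and 192.168.100.x.
        System.out.println("naive prefix, .10.5  : " + naivePrefix("192.168.10.5", "192.168.1"));
        System.out.println("CIDR /24,     .10.5  : " + inCidr("192.168.10.5", "192.168.1.0", 24));
    }
}
```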
Re: enterprises that use Tomcat as Web Server.
The numbers at SecuritySpace.com indicate the number of mod_jk sites. This is the best indication I've found of production usage (assuming that most commercial usage is probably not Standalone Tomcat):

http://www.securityspace.com/s_survey/data/man.200212/apachemods.html?mod=bW9kX2pr

Note that the number of ApacheJServ modules is still higher though it doesn't look like it will be too long before mod_jk overtakes it given the trends!

http://www.securityspace.com/s_survey/data/man.200212/apachemods.html?mod=QXBhY2hlSlNlcnY=

You can buy the mod_jk list for $995, it includes the IP addresses for all the mod_jk sites. Also interesting is the cookie report (notice JSESSIONID):

http://www.securityspace.com/s_survey/data/man.200212/cookieReport.html

Gary

Turner, John wrote:

Netcraft's survey also assumes that Tomcat is on port 80, which might not always be the case.

John

-----Original Message-----
From: Tim Funk [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 7:15 AM
To: Tomcat Users List
Subject: Re: enterprises that use Tomcat as Web Server.

Netcraft is one way to find out what web server a company is running. http://www.netcraft.com/

But some reports may be falsified by the webserver. For example: Wal-mart report Solaris with IIS. http://uptime.netcraft.com/up/graph/?host=walmart.com

-Tim

Andoni wrote:

In regard to your query I'm sure you would understand if I pointed out that most commercially owned businesses are quite sensitive about telling anybody outside of their organisation any details of their computer infrastructure and especially a public interface of their computer infrastructure like a web server.

I am sure you are not looking for this information to help you hack in to companies but I assure you it would be useful to many internet hackers. For this reason alone I don't see you getting many responses to your query.

On the other hand you can test the make of any web server by downloading a program like visual route (http://www.visualware.com/visualroute/index.html) and typing in the name of a domain whose web server you want to know the type of.

Regards,

Andoni.

----- Original Message -----
From: Sérgio Rocha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 06, 2003 4:37 PM
Subject: enterprises that use Tomcat as Web Server.

I need a list of enterprises that use Tomcat as Web Server. Can somebody help me?
Re: Realm not working now I've moved from Win2K to Linux
Ben,

Can you see in your Tomcat log files if you are being forwarded back to the original request page after authentication? If yes, and you are being authenticated as you indicate, this sounds like the state is somehow being lost. In this case, you might be in a forwarding loop between the protected resources and the login page. I'm not sure on why this would be happening.

You might take a look at our Cams product: http://www.cafesoft.com

Cams unifies Apache and Tomcat security under a centralized security policy umbrella. It is tested under Windows and Linux to work via JDBC.

Good luck,

Gary

Ben Jessel wrote:

Hi,

I have a JDBC realm set up that interfaces with a mysql database in tomcat 4.0 on a windows 2000 server. This has been working fine - I place my pages under the security constraint, and I am forwarded to the login page o.k. Entering my details then puts me to the 'login correct' page, and all is good.

Now I have now migrated to tomcat 4.0 on Mandrake 9, and I cannot log in. I have turned up debugging to full, and I can see that authorization is fine. I can see the sql and see the results being returned, however, I keep getting forwarded back to the login page.

My configurations are very similar! Though, strangely enough, the RPM that I got from RPM finder has different ports configured to the win2k ones. I've replaced the server.xml with the one from the win2k distribution of Tomcat 4.0.

Thanks

Ben
Re: securing tomcat...
Jason,

If by securing you mean hardening, well then no. But we have posted a white paper on Tomcat security according to the servlet specification:

http://www.cafesoft.com/products/cams/tomcat-security.html

Gary

Jason Pyeron wrote:

has any one put together a faq/howto on securing tomcat?

our first goal is to prevent determination of the server version by a web client.

an example of this is for url http://127.1:8080/xxdfsdf this is returned, note the Server: Apache Coyote/1.0 and Apache Tomcat/4.1.12

    HTTP/1.1 404 /xxdfsdf
    Content-Type: text/html;charset=ISO-8859-1
    Content-Language: en-US
    Transfer-Encoding: chunked
    Date: Tue, 31 Dec 2002 20:46:09 GMT
    Server: Apache Coyote/1.0

    <html><head><title>Apache Tomcat/4.1.12 - Error report</title><STYLE><!--H1{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} H3{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} BODY{font-family : sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color : white;background-color : #0086b2;} HR{color : #0086b2;} --></STYLE> </head><body><h1>HTTP Status 404 - /xxdfsdf</h1><HR size="1" noshade><p><b>type</b> Status report</p><p><b>message</b> <u>/xxdfsdf</u></p><p><b>description</b> <u>The requested resource (/xxdfsdf) is not available.</u></p><HR size="1" noshade><h3>Apache Tomcat/4.1.12</h3></body></html>
Re: Question - Form Validation
Denise,

Consider using the Jakarta Struts project. It is very popular and provides a framework for form validation and error handling.

http://jakarta.apache.org/struts/

Gary

Denise Mangano wrote:

Hi all :)

I'm not sure if these types of questions belong in this list?? I've seen people post JSP and/or servlet questions, so I am assuming they do... ?

I am trying to figure the best way to do form validation with JSP. I have a JSP with a form that calls another JSP to process that form and display the result. I would like to add an intermediary page that displays all the user input before the information is processed. Before I get to this intermediary page I want to make sure all fields are filled out and each field fits the format it should be. If a field is missing or incorrect, I would like the same page to be reloaded, with red text next to the field that needs to be corrected.

Just wondering if anyone had any suggestions of the best way to handle this.

Denise Mangano
Re: tomcat as service
We use the Java Wrapper Service with JDK 1.4 to run Tomcat as an NT service. You can find it at:

http://wrapper.sourceforge.net/doc/english/index.html

In addition to working cross platform (Windows NT and Unix), you can test the service from the command line before and after installing it. They supply sample configurations for Tomcat.

Gary

Herwig Posedu wrote:

hi!

i tried to run tomcat as service with jdk14 and it doesn't work. there is no error. with jdk 1.3 there were no problems. is there any known bug with version 1.4 of jdk

thx for helping,..

herwig

--
Gary Gwin
CEO and Founder
Cafesoft
858.455.1800 x205
http://www.cafesoft.com
Re: Security Configuration in WEB.XML
Lior,

It looks like you have short-circuited Tomcat's security model and created your own. We have a Tomcat Security Overview and Analysis that might be of help at:

http://www.cafesoft.com/products/cams/tomcat-security.html

You might also reference the security section of the servlet JSR:

http://www.jcp.org/aboutJava/communityprocess/first/jsr053/

Gary

Lior Shliechkorn wrote:

Hello,

I'm a bit confused about the whole security implementation in Tomcat. I'm using a webapp that has a Login.html page that posts information to a servlet that queries a database to authenticate the user. The values are then set into a bean, and each page checks the existence of the bean in order to enter that page.

If I want to add additional security, what would I do in the WEB.XML page in order to have it secured by tomcat?

Thanks,

Lior
Re: Servlet API: how to obtain the roles list ?
Pierre,

There is no way to do this using the servlet API but you could easily store your user and role information in a JDBC user repository and then query that repository for the user data you want. If you need to include the user repository with your webapp, we've used the Hypersonic SQL database.

Gary

Pierre-Laurent Ribault wrote:

Hi,

I want to obtain the list of the roles defined in the system from inside my servlet. I know where the roles are defined, and that I can check the user name and isUserInRole from the HttpServletRequest class, but I could not find out a method to list the existing users or roles.

Is there such a method in the servlet API ?

Pierre-Laurent Ribault
[EMAIL PROTECTED]
Re: Urgently Required
Kural,

The role should already be configured in web.xml by the application deployer. If the user registers himself with a given role, then the user and that role need to be added to the user repository. If you are using tomcat-users.xml, then you need to add the user and role to that file. It's easier in this case to use the JdbcRealm and an SQL database. When the user self-registers, you can simply add the new user and role(s) to database tables.

Gary

kural mani elango wrote:

Dear sir/madam,

I am working in JSP with tomcat, In my project i have user roles (BuyerAdmin, Buyer, Shipper...) now i want to display pages according to the user and i have an Page for registration for user, if the user register him as role (say Buyer) it must be add to the web.xml, Pls reply me how can do this

I want this very urgently

thank you
Re: can't get w2k tomcat service running again
Becky,

We use the Java Wrapper Service at:

http://wrapper.sourceforge.net/doc/english/index.html

In addition to working cross platform (Windows NT and Unix), you can test the service from the command line before and after installing it. They supply sample configurations for Tomcat.

Gary
Re: Retrieve User - Realm
More specifically, he may be looking for: request.getUserPrincipal().getName(), which returns the actual user name. I believe that request.getRemoteUser() only returns the username if the user is authenticated using BASIC authentication.

Gary
Re: Retrieve User - Realm
Michael,

Principal returns the object implementing the Principal interface, where request.getRemoteUser is a CGI compatibility call. I know there have been instances when getRemoteUser did not work as expected for me (I thought it was with BASIC authentication but that must not be the case). Hence, I believe that using the Principal object is the recommended way to go.

Gary

Michael Echerer wrote:

More specifically, he may be looking for: request.getUserPrincipal().getName(), which returns the actual user name. I believe that request.getRemoteUser() only returns the username if the user is authenticated using BASIC authentication.

Actually not true, although I don't say I got the whole difference between Principal and RemoteUser in practical terms. What is it? ;-)

request.getRemoteUser() also works with form based authentication as it mimics basic auth. Have a look for tomcat's examples app under jsp/security/protected. Both methods show the same user name and it is also stored in the realm like basic auth does as you can see if you have a look after login using the examples' snoop.jsp.
Re: Simple Catalina/JSP question
Sachin,

Until they fix the bug, you don't need to reboot. Simply delete the compiled classes in the tomcat/work/localhost directory.

Gary

sachin chaudhari wrote:

I am using catalina 4.0 B5. But if I make changes to the JSP page it does recompile the page. Even after restarting the catalina. Only way to see the changes is to add a new JSP page restart the server.

What configs in server.xml I need to change?

Thanks in advance for your help.

Sachin Chaudhari