Exception in RealmBase
Searching the archives, I found two similar issues from earlier this year that were unanswered: http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg131837.html http://www.junlu.com/msg/44667.html Basically, there is an exception at startup when using a custom realm implementation (in my case I am using Security Filter: http://securityfilter.sourceforge.net) Here is the exception: 03:42:59,976 INFO [RealmBase] Parent not available yet: null:type=Engine 03:42:59,983 ERROR [RealmBase] Can't register null java.lang.NullPointerException at org.apache.catalina.realm.RealmBase.init(RealmBase.java:1194) at org.apache.catalina.realm.RealmBase.start(RealmBase.java:875) at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:669) Thx. Mike __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ROOT/index.jsp- REASON WHY EDITING FAILS
The ROOT web.xml contains the following lines which essentially renders the content of index.jsp meaningless: org.apache.jsp.index_jsp org.apache.jsp.index_jsp org.apache.jsp.index_jsp /index.jsp Mike --- QM <[EMAIL PROTECTED]> wrote: > On Tue, Jun 22, 2004 at 12:44:06PM -0700, Mike Duffy wrote: > : Good suggestion. If the JSP is precompiled shouldn't I be able to go to the work > directory > and > : see index_jsp.class somewhere under a ROOT directory (like there is for other > webapps)? I > guess > : one of my basic questions is that why don't I see a ROOT directory in the work > directory? > > You tell me -- how did you precompile? > > If you're placing classes directly in the "/work" dir, then, yes; > if you're building class files and updating web.xml, then, no. > > The former method of precompilation is Tomcat-specific and accounts for > a JSP being updated. The latter is for production deployments, in which > case the JSPs should not change throughout the release lifetime. > > > The root context may be under "/work/_" in TC5, but don't quote me on > that. > > -QM > > > -- > > software -- http://www.brandxdev.net > tech news -- http://www.RoarNetworX.com > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ROOT/index.jsp
Good suggestion. If the JSP is precompiled shouldn't I be able to go to the work directory and see index_jsp.class somewhere under a ROOT directory (like there is for other webapps)? I guess one of my basic questions is that why don't I see a ROOT directory in the work directory? Mike --- QM <[EMAIL PROTECTED]> wrote: > On Tue, Jun 22, 2004 at 09:37:19AM -0700, Mike Duffy wrote: > : When using Tomcat 5.0.25 it seems that any change I make to ROOT/index.jsp does > not show up in > the > : browser (in Tomcat 4.xx this was easy to do). I am sure this is some sort of > caching problem > so > : I've been looking for the compiled JSP in the work directory to delete it. Very > strange, but > it > : doesn't seem like this JSP is compiled anywhere. > > Check the webapp's WEB-INF/web.xml -- is said JSP precompiled? > > If so, changing the file will (understandably) have no effect: the > container checks its servlet mappings first, files (say, JSPs) second. > > -QM > > -- > > software -- http://www.brandxdev.net > tech news -- http://www.RoarNetworX.com > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ROOT/index.jsp
When using Tomcat 5.0.25 it seems that any change I make to ROOT/index.jsp does not show up in the browser (in Tomcat 4.xx this was easy to do). I am sure this is some sort of caching problem so I've been looking for the compiled JSP in the work directory to delete it. Very strange, but it doesn't seem like this JSP is compiled anywhere. Does Tomcat 5.0 have some sort of memory resident or log caching that persists even after the server is restarted? Any guidance would be appreciated. Thanks. Mike __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ROOT/index.jsp
When using Tomcat 5.0.25 it seems that any change I make to ROOT/index.jsp does not show up in the browser (in Tomcat 4.xx this was easy to do). I am sure this is some sort of caching problem so I've been looking for the compiled JSP in the work directory to delete it. Very strange, but it doesn't seem like this JSP is compiled anywhere. Does Tomcat 5.0 have some sort of memory resident or log caching that persists even after the server is restarted? Any guidance would be appreciated. Thanks. Mike __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Managing Session Objects - Preventing a Degredation in Performance
H It doesn't seem like the tag concept would work if a user just clicked out of a process. Also, I do not like the idea of putting this type of cleanup in a custom tag (View tier). I'd like to keep the functionality of the MVC tiers as clean as possible. BTW: What is "YMMV"? Thx. Mike --- QM <[EMAIL PROTECTED]> wrote: > On Sat, May 29, 2004 at 07:18:27PM -0700, Mike Duffy wrote: > : As I said in my original email: You could try to map every process exit > : and remove unneeded objects at then end of a process; however, > : implementing this might be burdensome in a complex application. > > -which is why I tend to push for Suggestion #3: Load Test and Size > Accordingly. =) You even have your choice of GC algos with JDK 1.4+, so > the garbage collection shouldn't be too much of a concern. > > > Otherwise: > > - Each Action keeps a list of keys, for objects it stores in > the session. This list would be the same for every Action > in the same process. > > Store said list in the Request object under a known key, > each time the Action is called. (Same key, app-wide.) > > - Create a custom tag that looks for said key, and deletes every > session object named there. Call this tag, "" > > - Place "" at the end of every error page and > "end of process" page. > > That's effectively your "finally" clause right there. > > YMMV, but if you use Struts declarative exception handling (i.e. you have > just a handful of error pages) then this wouldn't be a lot of work to > implement, nor to maintain. > > -QM > > -- > > software -- http://www.brandxdev.net > tech news -- http://www.RoarNetworX.com > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Managing Session Objects - Preventing a Degredation in Performance
As I said in my original email: You could try to map every process exit and remove unneeded objects at then end of a process; however, implementing this might be burdensome in a complex application. Suggestion #2 fro QM makes this point and adds clarification: "Obviously a "process" in this case may span several requests; so, like good code, you'll have to account for removing the object even in the event the process short-circuits (e.g. when the user hits an error page instead of reaching the proper ending). Unlike good code, you don't have a handy "finally{}" clause... =)" The tricky part is, cleaning up after a multi-request process terminates because the process could terminate in unexpected ways (someone simply abandons the process by clicking another link, etc.). Here is what I think might be a pragmatic solution within a Struts framework: Assume we are building a CRM application and we are creating the process that enters customer contacts. The first page of the process is contactEntryOne.jsp. The page is displayed by clicking a link that is mapped to DisplayContactEntryAction.java (an action class that simply forwards to contactEntryOne.jsp). A submit button on contactEntryOne.jsp is mapped to ProcessContactEntryOne.java, an action class that does some processing, stores some objects in the session and then sends the user to another JSP which has another submit button mapped to ProcessContactEntryTwo.java, and so on. The process ends with a call to DisplayContactEnteredAction.java (which may simply forward to a success page). By convention, we could agree that all processes begin and end with a call to an action class that begins with "Display...": DisplayContactEntryAction.java , and DisplayContactEnteredAction.java. We could also agree that all intermediate processes are done by a call to an action class that begins with "Process..." If we assume that once a process ends or a new process begins, all the session objects for the old process are invalid, life becomes simple :). In every "Display..." action class (which may begin or end a process or just display a single page) we can make a call to a utility method that clears the session of all objects except a predetermined set. The overhead of making a call to a session cleanup utility method would be marginal compared to the increase in system efficiency. Please note, the degradation in performance due to session objects is not just a matter of system speed and memory. You reach a point in a complex system where the number of objects chokes the JVM's garbage collector. Buying a faster system with more memory will help, but writing good code might be a better solution What are your thoughts on the merits of this solution? Mike --- QM <[EMAIL PROTECTED]> wrote: > On Sat, May 29, 2004 at 11:31:26AM -0700, Mike Duffy wrote: > : I asked these question in the Struts list and only received a minimal response: > Does anyone > have > : any good ideas on managing session objects? In a complex application how do you > insure that > the > : session does not become over burdened with unnecessary objects, thus degrading > system > performance? > > In no particular order: > > 1/ Use the Request object when you can; use the Session when you must. > (Paraphrasing a line I hear a lot in the C++ world...) > If you don't put something in the session, it certainly can't > stick around and take up space. > > 2/ Make sure each process that puts an object in the session is > designed to remove it. Obviously a "process" in this case may > span several requests; so, like good code, you'll have to > account for removing the object even in the event the process > short-circuits (e.g. when the user hits an error page instead > of reaching the proper ending). Unlike good code, you don't > have a handy "finally{}" clause... =) > > 3/ Load-test your app and size memory accordingly. Even with the > best-laid cleanup plans, people will close browsers without > formally logging out, etc. You simply have to deal with this > and make sure your app has enough heap space to handle the number > of concurrent users. Size per your worst-case scenario. > > 1 and 2 are coding practices, and must be enforced by the architect (by > explaining to the developers). This takes place before and during > development. > > 3 is an architectural issue, addressed during development and after a > good portion of the app has come to life. > > > ps - please create a new message when mailing the list. Responding to > an old (unrelated) message plays hell with thread-aware mailers, even if > you change the subject. Thank you. >
Managing Session Objects - Preventing a Degredation in Performance
I asked these question in the Struts list and only received a minimal response: Does anyone have any good ideas on managing session objects? In a complex application how do you insure that the session does not become over burdened with unnecessary objects, thus degrading system performance? You could try to map every process exit and remove unneeded objects at then end of a process; however, implementing this might be burdensome in a complex application. You could call a session cleanup method at the beginning of every new process and remove all the unnecessary objects at that point. Any other ideas? Thx. Mike __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Clustering Application Scope Objects
>>>how would you solve conflicts? For my purposes, I would let the database manage conflicts. Each application scope object would be tied to the database, a change made on a specific application server would first update the database. For example, the information from a table containing label/value pairs for product categories would be stored in application scope on each server at system startup. If a change were made to the product categories, the change would first made to the database and then a change notification would be broadcast to all servers in the cluster, each server would then reload the information from the database. In other cases, where application scoped objects are not backed by a database, the task of handling conflicts becomes more difficult. I think you would almost need to create some sort of locking mechanism that does not allow changes to be made during an update. Mike --- "Filip Hanik (lists)" <[EMAIL PROTECTED]> wrote: > not implemented right now, how would you solve conflicts? > > > > Filip > > -Original Message- > From: Mike Duffy [mailto:[EMAIL PROTECTED] > Sent: Friday, April 09, 2004 5:48 PM > To: Tomcat Users List > Subject: Clustering Application Scope Objects > > > I've read documentation for The Tomcat 5 Servlet/JSP Container: > Clustering/Session Replication HOW-TO > http://jakarta.apache.org/tomcat/tomcat-5.0-doc/cluster-howto.html > > I understand clustering for individual user sessions. Are there any > correlated methods for > clustering application scope objects? > > The J2EE API for the Interface ServletContext states, "In the case of a web > application marked > "distributed" in its deployment descriptor, there will be one context > instance for each virtual > machine. In this situation, the context cannot be used as a location to > share global information > (because the information won't be truly global). Use an external resource > like a database > instead." > > Rather than use a database, what I would like to be able to do is make a > call to > > servlet.getServletContext().setAttribute(key, object); > > and have the object stored in the application scope of all servers in the > cluster. > > I know that EJBs were designed to serve this purpose; however, I would like > to bypass the overhead > and complexities of EJBs. > > If there isn't a switch that can be flipped in Tomcat, there might be a way > to create a > lightweight JMS administration class to serve this purpose. Has anyone > tried this? > > If the answer to this question is RTFM, please send a link; I've looked > through the documentation > and I can't seem to find a clear reference. > > Thanks for your time and consideration. > > Mike > > > > > __ > Do you Yahoo!? > Yahoo! Small Business $15K Web Design Giveaway > http://promotions.yahoo.com/design_giveaway/ > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.654 / Virus Database: 419 - Release Date: 4/6/2004 > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.654 / Virus Database: 419 - Release Date: 4/6/2004 > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > __ Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway http://promotions.yahoo.com/design_giveaway/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Clustering Application Scope Objects
I've read documentation for The Tomcat 5 Servlet/JSP Container: Clustering/Session Replication HOW-TO http://jakarta.apache.org/tomcat/tomcat-5.0-doc/cluster-howto.html I understand clustering for individual user sessions. Are there any correlated methods for clustering application scope objects? The J2EE API for the Interface ServletContext states, "In the case of a web application marked "distributed" in its deployment descriptor, there will be one context instance for each virtual machine. In this situation, the context cannot be used as a location to share global information (because the information won't be truly global). Use an external resource like a database instead." Rather than use a database, what I would like to be able to do is make a call to servlet.getServletContext().setAttribute(key, object); and have the object stored in the application scope of all servers in the cluster. I know that EJBs were designed to serve this purpose; however, I would like to bypass the overhead and complexities of EJBs. If there isn't a switch that can be flipped in Tomcat, there might be a way to create a lightweight JMS administration class to serve this purpose. Has anyone tried this? If the answer to this question is RTFM, please send a link; I've looked through the documentation and I can't seem to find a clear reference. Thanks for your time and consideration. Mike __ Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway http://promotions.yahoo.com/design_giveaway/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.0 Not Displaying the Stack Trace
I just switched to Tomcat 5.0. For some reason the stack trace is not displayed when an error is generated (the error is in the log); a blank page is displayed. Any suggestions? Thanks. Mike __ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Configuring a Data Resource in web.xml
The reference book I have shows how to configure a data resource (JDBC) in the server.xml. Does anyone have a reference on how to do this in the web.xml? I'd like to be able to unpack a war and have everything run, without the need to edit the server.xml. Thanks for your help. Mike __ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat Hangs at Startup
I am running Tomcat 4.1.27 on Windows XP. I am experiencing serious hang times at startup. Has anyone seen this before? It hangs right after the following block: Aug 29, 2003 5:36:30 PM org.apache.commons.modeler.Registry loadRegistry INFO: Loading registry information Aug 29, 2003 5:36:30 PM org.apache.commons.modeler.Registry getRegistry INFO: Creating new Registry instance Aug 29, 2003 5:36:38 PM org.apache.commons.modeler.Registry getServer INFO: Creating MBeanServer Aug 29, 2003 5:36:39 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 80 Starting service Tomcat-Standalone Apache Tomcat/4.1.27 It hangs again after the following block: Aug 29, 2003 5:38:29 PM org.apache.struts.tiles.TilesPlugin init INFO: Tiles definition factory loaded for module ''. Aug 29, 2003 5:38:29 PM org.apache.struts.validator.ValidatorPlugIn initResources INFO: Loading validation rules file from '/WEB-INF/validator-rules.xml' Aug 29, 2003 5:38:30 PM org.apache.struts.validator.ValidatorPlugIn initResources INFO: Loading validation rules file from '/WEB-INF/validation.xml' Thanks! Mike __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Total Linux Newbie Question
With all the Windows viruses going around, I've decided to spend the weekend switching from Windows to Linux for my workstation at home. Could someone please help me with a very basic question when running Tomcat under Linux: When I start Tomcat in the Linux terminal using "./startup.sh" I don't get to see any of the Tomcat output.In Windows I would get to see a scrolling DOS Window. How can I get to see the output when running under Linux? Thanks. Mike __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with Bookmarking a Login Page
Thank Craig. I think the correct way to "educate" users is to create a specific error-page for the 400 error which says something like, "You may have reached this error page from the login page..", and to have a link on that page to the default secured page (which means the login page would be displayed when the user clicked on the link). Can you confirm that j_security_check can only be called by the container in response to a browser request, meaning that it is not possible to call j_security_check directly or to "force" a call by forwarding or redirecting to a secured page? This would rule out any attemps to create a filter based on a call to the login page. Also, it doesn't look like there are any methods in the API to set users and roles in the session that could then be available to the methods getUserPrincipal(), isUserInRole(), etc. This would mean that if you are going to come up with your own A/A framework you have to bypass the container A/A completely. Is that correct? Mike --- "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote: > > > On Tue, 25 Mar 2003, Steven J. Owens wrote: > > > Date: Tue, 25 Mar 2003 03:54:23 -0500 > > From: Steven J. Owens <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>, > > [EMAIL PROTECTED] > > To: Tomcat Users List <[EMAIL PROTECTED]> > > Subject: Re: Problem with Bookmarking a Login Page > > > > On Sun, Mar 23, 2003 at 05:10:43AM -0800, Mike Duffy wrote: > > > Does anyone know of a Struts work around for the problem with > Tomact > > > in bookmarking the login page for container managed security? > > > > I believe, based on past conversations here, that Struts has > its > > own security filter solution to use, instead of standard J2EE > > security. > > > > That is not actually true. There are alternative solutions to > container-managed security which work fine with Struts (such as the > securityfilter project at SourceForge), but they are by no means > specific > to Struts. > > > > There was a brief thread on this issue about a month ago > > > > [http://www.mail-archive.com/[EMAIL PROTECTED]/msg59734.html] > > > > > > There is a SourceForge project called SecurityFilter that can > be used > > > to replace Tomcat's container managed security, but it would be > nice > > > to be able to work with Tomcat. > > > > I built my current project with standard J2EE security > realms, > > and currently plan to tell my users "don't do that." I do have a > > vague hope, that I will one day get around to exploring, of > setting up > > a servlet filter that intervenes *before* the security realm gets > > invoked, and filters out direct requests to the login page, > forwarding > > them to the main system page. However, I haven't even had a > chance to > > look into this, yet. > > > > > Has anyone tried to call "j_security_check" directly from an > Action > > > class? Once you can authenticate a user you would be able to > get the > > > roles for that user. > > > > > > Is there a way to set up a JDBC Realm purely in Struts? I did > not see > > > any information on this in a quick scan of the documentation. > > > > > > Hopefully, the good people working on Tomcat see this as a bug > that > > > needs to be fixed. > > > > As far as I've been able to determine, looking at the > archives, > > the answer is "broken as designed", i.e. the spec is broken but > tomcat > > is implementing the spec (which, since tomcat is the reference > > implementation, I can't really fault them for). The upshot is > they > > won't change it until the spec changes (and hopefully specifies a > more > > reasonable solution). > > > > > Quote from a recent thread in the Tomcat news group: "I wish > that > > > there was a legitimate configuration change to enable you to > bookmark > > > a login.jsp page--such as a j_success_url parameter which > instructs > > > Tomcat where to send users if not doing an automated login > process." > > > > > > Another user stated, "...I simply just can't believe that there > are > > > Tomcat instances out there in a live production environment > with > > > configured realms that suffer from this problem. Surely there > must be > > > something" > > > > http://www.mail-archive.com/[EMAIL PROTECTED]/msg77974.html > > > > If yo
Status 400 - Invalid direct reference to form login page
Status 400 - Invalid direct reference to form login page The above error is generated when a user bookmarks the login page on an application server where container managed security is used. Does anyone have an elegant way of dealing with this error? Putting a note on the login page saying, Please dont bookmark me. is obviously inelegant. There does not seem to be a work around because j_security_check must be called from the container. All my attempts to call j_security_check directly failed. My attempts to create a filter also failed because I could not find a differentiator in the request between a bad call to the login page and a good call. I could force entry through an intermediate page by creating an error-page entry in the web.xml: 400 intermediatePage.jsp The intermediate page could have a link to a protected entry point (from which the container would call the login page). But, Status 400 is a general bad request, not necessarily this specific bad request. Note: If your is a protected resource and you forward a user to that location by creating an error-page reference in web-xml, the user will get to the protected page, but not be authenticated. It seems that authentication is only invoked when it comes through a browser not through a forward or redirect. Actually, it seems that the only answer is to junk the container managed security wired into Tomcat and use the SecurityFilter project at SourceForge or write my own. Any thoughts? __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with Bookmarking a Login Page
Does anyone know of a Struts work around for the problem with Tomact in bookmarking the login page for container managed security? There was a brief thread on this issue about a month ago [http://www.mail-archive.com/[EMAIL PROTECTED]/msg59734.html] There is a SourceForge project called SecurityFilter that can be used to replace Tomcat's container managed security, but it would be nice to be able to work with Tomcat. Has anyone tried to call "j_security_check" directly from an Action class? Once you can authenticate a user you would be able to get the roles for that user. Is there a way to set up a JDBC Realm purely in Struts? I did not see any information on this in a quick scan of the documentation. Hopefully, the good people working on Tomcat see this as a bug that needs to be fixed. Quote from a recent thread in the Tomcat news group: "I wish that there was a legitimate configuration change to enable you to bookmark a login.jsp page--such as a j_success_url parameter which instructs Tomcat where to send users if not doing an automated login process." Another user stated, "...I simply just can't believe that there are Tomcat instances out there in a live production environment with configured realms that suffer from this problem. Surely there must be something" http://www.mail-archive.com/[EMAIL PROTECTED]/msg77974.html Thanks. Mike __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]