Re: Web-site security
Okie will look into it Thanks - Original Message - From: "Michael Wentzel" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, 16 January 2001 7:04 PM Subject: RE: Web-site security > > But I was thinking there might be a configuration file that > > does this. I > > think that would be a neater way of doing things than > > including an inlude > > file in all the pages. > > I'm not sure on this one... I don't know of any configurations. > > > Can I write a servlet to which all my requests are > > directed before being passed on to the respective pages? > > The only way I can think of doing a servlet would be more messy > than the include because all requests would have to go through > the servlet first. > > Another thing is try checking out > org.apache.tomcat.request.SessionInterceptor > (referred to in server.xml). I haven't looked at this class at > all but you might be able to extend it, and using properties > files do whatever session checking you need to do before the > standard requestInterceptor stuff gets done. Adding a generic > block of code and using properties files would allow for changing > of session checking without having to recompile. > > > > --- > Michael Wentzel > Software Developer > http://www.aswethink.com">Software As We Think > mailto:[EMAIL PROTECTED]">Michael Wentzel > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Web-site security
Amit, There already is code included in tomcat for intercepting all requests for defined sets of URL's and applying authentication. Look at the definitions of RequestInterceptors for Simple and JDBC Realms in your server.xml file and check out the source for these. Also look at the security constraint section of the web.xml in your examples dir and at the example login.jsp in the security dir If you are using a database to authenticate your users there's a howto at http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/JDBCRealm.howto However be warned I only ever got this to work with tomcat (3.2) standalone. Couldn't get it to work when using apache and tomcat together. From an earlier post on this list got the impression this is because Apache isn't aware of the web.xml settings for your app but don't take my word for it. You are of course also free to write your own custom RequestInterceptor. I'm planning to write my own version of JDBCRealm so that it is capable of handling encrypted passwords. Hope this helps Andrew On Tue, 16 Jan 2001, you wrote: > Thanks Michael, > > But I was thinking there might be a configuration file that does this. I > think that would be a neater way of doing things than including an inlude > file in all the pages. Can I write a servlet to which all my requests are > directed before being passed on to the respective pages? > > Thanks, > > - Original Message - > From: "Michael Wentzel" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, 16 January 2001 6:11 PM > Subject: RE: Web-site security > > > > > How can i specify the default page for my site hosted on Tomcat on NT. I > > want to specify a particular > file (say index.html) where all new > sessions > > are redirected. If a user types a valid url path to my > > > site, specifying any oher file on my site, he/she should be rediected to > > the index.html page. Only > > > when he is logged on, should he be able to access the other pages on my > > site. > > > > I'm sure there are probably other ways of handling this but we have a > common > > include file that consists of session checking code and redirects to > > login.jsp if session is invalid, and this file is included on > > all pages in our context. > > > > > > --- > > Michael Wentzel > > Software Developer > > http://www.aswethink.com">Software As We Think > > mailto:[EMAIL PROTECTED]">Michael Wentzel > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, email: [EMAIL PROTECTED] > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] -- === Andrew Robson 10 Bank Street Glasgow G12 8JQ Tel: (0141) 339 9970 Mobile: 07759 430234 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: Web-site security
> But I was thinking there might be a configuration file that > does this. I > think that would be a neater way of doing things than > including an inlude > file in all the pages. I'm not sure on this one... I don't know of any configurations. > Can I write a servlet to which all my requests are > directed before being passed on to the respective pages? The only way I can think of doing a servlet would be more messy than the include because all requests would have to go through the servlet first. Another thing is try checking out org.apache.tomcat.request.SessionInterceptor (referred to in server.xml). I haven't looked at this class at all but you might be able to extend it, and using properties files do whatever session checking you need to do before the standard requestInterceptor stuff gets done. Adding a generic block of code and using properties files would allow for changing of session checking without having to recompile. --- Michael Wentzel Software Developer http://www.aswethink.com">Software As We Think mailto:[EMAIL PROTECTED]">Michael Wentzel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Web-site security
Thanks Michael, But I was thinking there might be a configuration file that does this. I think that would be a neater way of doing things than including an inlude file in all the pages. Can I write a servlet to which all my requests are directed before being passed on to the respective pages? Thanks, - Original Message - From: "Michael Wentzel" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, 16 January 2001 6:11 PM Subject: RE: Web-site security > > How can i specify the default page for my site hosted on Tomcat on NT. I > want to specify a particular > file (say index.html) where all new sessions > are redirected. If a user types a valid url path to my > > site, specifying any oher file on my site, he/she should be rediected to > the index.html page. Only > > when he is logged on, should he be able to access the other pages on my > site. > > I'm sure there are probably other ways of handling this but we have a common > include file that consists of session checking code and redirects to > login.jsp if session is invalid, and this file is included on > all pages in our context. > > > --- > Michael Wentzel > Software Developer > http://www.aswethink.com">Software As We Think > mailto:[EMAIL PROTECTED]">Michael Wentzel > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: Web-site security
> How can i specify the default page for my site hosted on Tomcat on NT. I want to specify a particular > file (say index.html) where all new sessions are redirected. If a user types a valid url path to my > site, specifying any oher file on my site, he/she should be rediected to the index.html page. Only > when he is logged on, should he be able to access the other pages on my site. I'm sure there are probably other ways of handling this but we have a common include file that consists of session checking code and redirects to login.jsp if session is invalid, and this file is included on all pages in our context. --- Michael Wentzel Software Developer http://www.aswethink.com">Software As We Think mailto:[EMAIL PROTECTED]">Michael Wentzel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]