SSL and non-secure items
Hi experts, I have a web application configured to be secured by ssl, the problem is at some pages the browser displays a dialog box as a warning that says, this page contains both secure and non-secure items do you want to display non-secure items? and the user has two options yes and no. actually, this page is a table like a grid contains information, and it is paged so user can navigate between pages and for each page this message is displaying. my questions are, 1- why this message appears? 2- how can I find which items are non-secure? 3- how to prevent this message to be displayed programatically? thank you very much -- View this message in context: http://www.nabble.com/SSL-and-non-secure-items-tf4340400.html#a12363998 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
how to setting up SSL for a specific page
hello all when I set up the SSL in tomcat all my pages will be secure (https) but as I've seen in many web sites only login page is secure. how can I secure only pages that contains confidential information and not all the pages? I am using Apache Tomcat 5.5 thank you in advance -- View this message in context: http://www.nabble.com/how-to-setting-up-SSL-for-a-specific-page-tf4135638.html#a11761971 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: a question about user athentication
Thank you all for replying I wanted to prevent the users who were deleted already to logging in. I resolve my problem by extending a class from JDBCRealm and override the getConnection() method (I'm not sure about the method name) and put my select statement with my favorite where clause where status = 0 and username = ? and in security-filter.xml I declared my class instead of tomcat's JDBCRealm thank you again -- View this message in context: http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#a11454885 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
a question about user athentication
Hi experts I am using Tomcat 5.5 and struts framework and security filter in order to authenticate users like the others I am using j_security_check action but my problem is that I have a field in my user table namely status which represent whether the user is available or deleted by administrator the problem is even if it is deleted the tomcat will authenticate and let that user to sign in, how can I put a condition like where status = 0 to prevent the other users to be signed in? in secirity filter we only specify field names of the table as follows: realm-param name=userNameCol value=userName / realm-param name=userCredCol value=password / any comment would be of a great help thanks -- View this message in context: http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#a11388743 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: a question about user athentication
Pid-2 wrote: Have a look at JDBCRealm (or DatasourceRealm) in the Tomcat Source. You could alter the SQL statement for password or username so it fails when '... status = 0'. Upload a jar with your new realm in it to server/lib and configure the realm as a replacement for the one in your server.xml. p thanks but how about if I have more than one project deployed on my tomcat? I mean is there any way to specialize this authentication method for one application and for the others it remains as its default -- View this message in context: http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#a11391841 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
problem when changing code and deploying
Hi all I have a big problem, when I change some classes specially classes with static methods and also Context Listener classes of my appllication and the deploy new changes in already installed application, neither of my changes will apply!!! even if I put some new log they wont appear in the Tomcat console. it seems no new classes being placed in the application but I am sure that they are. I think Tomcat caching them somewhere or serializes them. How can I clear it if there is any serialization or something else. or maybe a parameter in catalina.bat would fix the problem even if I remove the work folder of Tomcat nothing will change. please help me because it takes lots of my times. in one case I had to remove Tomcat and install it again in another folder. I am using Tomcat 5.5 and Windows Server 2003 and JDK 1.5 thanks -- View this message in context: http://www.nabble.com/problem-when-changing-code-and-deploying-tf3661239.html#a10230448 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem when changing code and deploying
Why did you think they would? Only .jsp files can be updated on the fly without restarting the application. oh no, I didnt mean on the fly? I restart the Tomcat but it still remain intact. this happens for static methods and static instance variables. -- View this message in context: http://www.nabble.com/problem-when-changing-code-and-deploying-tf3661239.html#a10239061 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]