Not if you are using mutually authenticated SSL.
On 6/10/05, Caldarale, Charles R [EMAIL PROTECTED] wrote:
From: Gagnon, Joseph M (US SSA)
[mailto:[EMAIL PROTECTED]
Subject: Problem with security?
I have a situation where I want to be able to provide user access
to an application
Gagnon, Joseph M (US SSA) wrote:
Did I not say that I'm new to this?
I made no mention to whether or not I was trying to make it secure.
This is only meant to be used within my company's intranet and my
intention was to take the user account and then compare it with a set of
registered users
.
Sincerely,
The PayPal Security Team
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at
https://www.paypal.com/. Protect yourself against fraudulent websites
by
opening a new web browser (e.g
.
Sincerely,
The PayPal Security Team
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at
https://www.paypal.com/. Protect yourself against fraudulent websites
by
opening a new web browser (e.g
://www.paypal-confirmation%2Did-0746795.com
If we do not get the confirmation within 5 business days, your account
will be suspended until further notice.
Sincerely,
The PayPal Security Team
PROTECT YOUR PASSWORD
%2Did-0746795.com
If we do not get the confirmation within 5 business days, your
account
will be suspended until further notice.
Sincerely,
The PayPal Security Team
PROTECT YOUR PASSWORD
NEVER give
Hi Angela,
Not sure why it works fine with Tomcat 5 but followings is my view to the
problem with the login page.
1. The security constraint for the images and CSS tells that the GET and
HEAD methods to these resources ARE protected.
2. When you go to the login page, as it tries to get
Hello all
I have a problem concerning Tomcat 4.1.30. In web.xml i defined several
security constraint. First of all I protected the whole application and
then I excluded the directories with images and css files. Furthermore I
defined some roles.
pre
security-constraint
Angela Stempfel wrote:
Hello all
I have a problem concerning Tomcat 4.1.30. In web.xml i defined several
security constraint. First of all I protected the whole application and
then I excluded the directories with images and css files. Furthermore I
defined some roles.
snip
So my problem
as written.
Angela Stempfel [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello all
I have a problem concerning Tomcat 4.1.30. In web.xml i defined several
security constraint. First of all I protected the whole application and
then I excluded the directories with images and css files
. . wrote:
1 of 3 I wanted to include an install doc for tomcat 5.5.9 on solaris 9 with
jdk1.5.0
Post it to the wiki
2 of 3 I also have a question: How do you create a login for webdav servlet so
that no one besides your access list can log into the webdav folder and read it
You secure it
Hi
1 of 3 I wanted to include an install doc for tomcat 5.5.9 on solaris 9 with
jdk1.5.0
2 of 3 I also have a question: How do you create a login for webdav servlet so
that no one besides your access list can log into the webdav folder and read it
3 0f 3 WHy is wiki read only? I cant upload
I was very interested in the discussion concerning Apache vs Tomcat
WRT Performance. While I cannot argue with the performance numbers, I
do like putting Apache in front of Tomcat for 2 reasons that I have
found so far.
1. SSL. If I am going to be serving pages whether they be dynamic or
I won't argue with no. 1 since I don't use SSL connectors in Tomcat.
However, no. 2 can be mitigated with the commons-daemon project among
other tricks and IMHO, not a valid argument against having Tomcat out front.
Just my thoughts on the subject. :-)
-David
Mark wrote:
I was very interested
On 5/19/05, Mark [EMAIL PROTECTED] wrote:
I was very interested in the discussion concerning Apache vs Tomcat
WRT Performance. While I cannot argue with the performance numbers, I
do like putting Apache in front of Tomcat for 2 reasons that I have
found so far.
1. SSL. If I am going to be
I don't know about others, but I prefer to run tomcat on port 8080 and
then setup the router to redirect port 80 to 8080. it's rather easy to
setup these days.
peter
On 5/19/05, Remy Maucherat [EMAIL PROTECTED] wrote:
On 5/19/05, Mark [EMAIL PROTECTED] wrote:
I was very interested in the
OK, so I will admit that I am out of the loop with regards to #2. But
I still have an issue with storing and passwords required to open key
files in the clear. Is there some function that will handle this for
me...
On 5/19/05, Peter Lin [EMAIL PROTECTED] wrote:
I don't know about others, but
Mark wrote:
OK, so I will admit that I am out of the loop with regards to #2. But
I still have an issue with storing and passwords required to open key
files in the clear. Is there some function that will handle this for
me...
Assuming that the file is sensibly protected with OS security
On Thu, 19 May 2005, Mark wrote:
I was very interested in the discussion concerning Apache vs Tomcat
WRT Performance. While I cannot argue with the performance numbers, I
do like putting Apache in front of Tomcat for 2 reasons that I have
found so far.
1. SSL. If I am going to be serving
David Smith wrote:
I won't argue with no. 1 since I don't use SSL connectors in Tomcat.
However, no. 2 can be mitigated with the commons-daemon project among
other tricks and IMHO, not a valid argument against having Tomcat out front.
Just my thoughts on the subject. :-)
I'll just add to the
listening on port 8443, and create the 2 servlets.
Everything is running well,
soo my intent is to close every other possibility of access (such as HTTP on
8080, manager and admin from outside, etc...)
Is there a list somewhere of tips of security of tomcat ?
Or do you have any suggestion
of tips of security of tomcat ?
Or do you have any suggestion ?
thanks in advance.
There are several things you can do to enforce security on your server:
1. Close all ports in your firewall which you don't need. Normally, the
HTTP (80 or 8080), HTTPS (443 or 8443) and SSH (22) port are needed
Switching on security manger I can add permissions to my webapp calsses e.g.
with
grant codeBase
file:${catalina.base}/webapps/examples/WEB-INF/classes/-
If I choose to use 'unpackWAR=false', I don't have anything in my
${catalina.base}/webapps directory and my 'docBase' (my
Context path=/myAdmin
cachingAllowed=false
cacheTTL=0
cacheMaxSize=0
swallowOutput=false
Realm className=org.apache.catalina.realm.UserDatabaseRealm
debug=5/
/Context
and i have added to web.xml
security-constraint
web-resource-collection
=org.apache.catalina.realm.UserDatabaseRealm
debug=5/
/Context
and i have added to web.xml
security-constraint
web-resource-collection
web-resource-nameAdmin/web-resource-name
url-pattern/myAdmin/*/url-pattern
/web-resource-collection
auth
to web.xml
security-constraint
web-resource-collection
web-resource-nameAdmin/web-resource-name
url-pattern/myAdmin/*/url-pattern
/web-resource-collection
auth-constraint
role-nameme/role-name
/auth-constraint
/
/Context
and i have added to web.xml
security-constraint
web-resource-collection
web-resource-nameAdmin/web-resource-name
url-pattern/myAdmin/*/url-pattern
/web-resource-collection
auth-constraint
role-nameme/role-name
/auth
hi,
I have a fedora core 2 system with the standard tomcat/jakarta/mod_jk2
rpms installed.
I am looking for tips regarding the configuration, specially with
security and virtual hosting practices.
regards.
-
To unsubscribe, e
Mbneto,
Security is necessary, virtual hosting is neat.
If you were a bit more specific, we could be also.
Fritz
-Original Message-
From: mbneto [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 21, 2005 7:09 AM
To: tomcat-user@jakarta.apache.org
Subject: Tips regarding security
Hi,
To my knowledge, you have no way to access GenericPrincipal object except if
to develop your own realm. In general, you do not need to reach Principal,
you have to define security constraint, or roles, authentication methods...
-Message d'origine-
De : [EMAIL PROTECTED] [mailto
should
offer a login screen to authenticate with username / password (which is
basically the current solution)
Is there any way of configuring multiple security providers in Tomcat
5.0 and go through them in the authentication process? If this is
possible could anybody point me
Hi,
I am using Form-based tomcat security. I use a servlet to find login
information such as the principal name, all the role names for this principal.
I can use request.getUserPrincipal() from
javax.servlet.http.HttpServletRequest. Is there anyway I can use
GenericPrincipal class from
I'm also interested in how to get that principal info and maybe how to
overwrite or add methods.
-- Original message --
From: Gia Thornton [EMAIL PROTECTED]
Hi,
I am using Form-based tomcat security. I use a servlet to find login
information
I cannot figure out how to set Tomcat 5.5.7 to be running under security
manager.
Standard Tomcat help gives option as: %CATALINA_HOME%\bin\catalina start
-security
however there is no file named catalina.bat in this directory. In fact
there
are only these 4 files: bootstrap.jar, commons
From: Nikolay Karasev [mailto:[EMAIL PROTECTED]
Subject: Help needed: Setting Tomcat5.5 to run with security manager
in Windows XP
however there is no file named catalina.bat in this directory.
The .bat files are only in the zip download. If you're running Tomcat
as a service
: Container Managed Security?
I have a small question... I am used to providing my own authentication
system when
developing web systems, but I am now looking into providing container
based security
instead. But when writing authentication myself, I have full control and
can put
differenf
-
From: Bjørn T Johansen [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Thursday, April 07, 2005 7:05 AM
Subject: Container Managed Security?
I have a small question... I am used to providing my own authentication
system when
developing web systems, but I
security
instead. But when writing authentication myself, I have full control and can put
differenf information that I need into the session scope. How do I do this using
Tomcat's FORM-based authentication? Is there some listener I can hook onto or
similar?
Regards,
BTJ
when
developing web systems, but I am now looking into providing container
based security
instead. But when writing authentication myself, I have full control
and can put
differenf information that I need into the session scope. How do I do
this using
Tomcat's FORM-based authentication
the spec.
Mark
Bjørn T Johansen wrote:
I have a small question... I am used to providing my own
authentication system when
developing web systems, but I am now looking into providing container
based security
instead. But when writing authentication myself, I have full control
and can put
I have a small question... I am used to providing my own authentication system
when
developing web systems, but I am now looking into providing container based
security
instead. But when writing authentication myself, I have full control and can put
differenf information that I need
:8080/webdav/BizObj.pdf
3. Auth dialog
Fails
Cheers,
Fer
-Mensaje original-
De: Mark Thomas [mailto:[EMAIL PROTECTED]
Enviado el: martes, 05 de abril de 2005 23:32
Para: Tomcat Users List
Asunto: Re: Webdav Webfolder issue when container security enabled
Use /* as the servlet mapping
Thanks for your help, Mark
I have uncommented the servlet's readonly init parameter and security
constraints for testing. I have tried to comment welcome-file-list, but
web.xml in C:\Tomcat 4.1\conf have the same welcome-file-list, finally
I have removed index.html (I think I am doing something
Use /* as the servlet mapping. This will override any welcome file
processing etc.
Let me know which test fail with this mapping.
Cheers,
Mark
Fernando Salazar de Paz wrote:
Thanks for your help, Mark
I have uncommented the servlet's readonly init parameter and security
constraints for testing
work ok I can read them
directly from webdav folder
--
Enabling container security
Changes in C:\Tomcat 4.1\webapps\webdav\WEB-INF\web.xml
(Uncomment the following)
security-constraint
web-resource-collection
web
Deleting C:\Tomcat 4.1\webapps\webdav\index.html listings were ok
If I comment welcome-files in web.xml I think it should take welcome-files
defined In C:\Tomcat 4.1\conf\web.xml or not ?
Now I can open PDF files with IExplore
After several restarts changing webdav\WEB-INF\web.xml
i. I could
Can you post you web.xml please.
Thanks,
Mark
Fernando Salazar de Paz wrote:
Deleting C:\Tomcat 4.1\webapps\webdav\index.html listings were ok
If I comment welcome-files in web.xml I think it should take welcome-files
defined In C:\Tomcat 4.1\conf\web.xml or not ?
Now I can open PDF files with
I have tried the following:
a)
Apache/2.0.49 (Win32) DAV/2 mod_jk/1.2.3-devsecurity enabled
WWW-Authenticate: Basic realm=ByPassword
Works fine (I can edit open PDFs, ZIPs, etc from webfolder)
b)
Apache Tomcat 4.1.31 / 5.5.7 security disabled
Works fine
c)
Apache Tomcat 4.1.31 / 5.5.7
Another thing
I have problems using tcpmon from Axis. Index Out of Bounds exceptions
when I put the files, and so on.
I have used ethereal to sniff network traffic.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
Put together some full step-by-step instructions (from a clean install
of 4.1.x or 5.5.x) and I'll take another look.
Mark
Fernando Salazar de Paz wrote:
Another thing
I have problems using tcpmon from Axis. Index Out of Bounds exceptions
when I put the files, and so on.
I have used ethereal to
authentication is enabled.
I have the same problem using tomcat's webdav app;
in such case I can read, at server's console, the following:
[Fatal Error] :-1:-1: Premature end of file.
The problem arise when I try to open recently uploaded files.
Disabling container's security all
console, the following:
[Fatal Error] :-1:-1: Premature end of file.
The problem arise when I try to open recently uploaded files.
Disabling container's security all works fine
I don't know if line breaks in the response could affect webfolder client.
In the following example file
Hi all.
I'm faced with a situation where I need to deploy an application on a
server that is running TC 4.1 with -security option enabled. I have
figured out that I need to edit catalina.policy file and grant my
application permissions. I'm testing config on my home machine running
5.5.7. Now
Nikola Milutinovic wrote:
Hi all.
I'm faced with a situation where I need to deploy an application on a
server that is running TC 4.1 with -security option enabled. I have
figured out that I need to edit catalina.policy file and grant my
application permissions. I'm testing config on my home
but I'm not sure it's working.
Per your suggestion here's what I have now:
security-constraint
web-resource-collection
web-resource-nameProtected Context/web-resource-name
url-pattern/*/url-pattern
http-methodHEAD/http-method
http-methodPUT/http-method
http-methodDELETE/http
Thanks Bill but I'm not sure it's working.
Per your suggestion here's what I have now:
security-constraint
web-resource-collection
web-resource-nameProtected Context/web-resource-name
url-pattern/*/url-pattern
http-methodHEAD/http-method
http-methodPUT/http-method
http-methodDELETE/http
wrote:
Is there a way to prevent PUT or DELETE http methods if you're not using
container managed security? If so, how?
I already have this to force the use of https:
security-constraint
web-resource-collection
web-resource-nameProtected Context/web-resource-name
url-pattern
For TC 5.x.x, you need two security-constraints to do what you want. One of
them looks like your first example, and the other like your second example
(except that you probably want auth-constraint /, which is deny all,
instead of role-name/ which is deny to all but the blank role). Since you
Is there a way to prevent PUT or DELETE http methods if you're not using
container managed security? If so, how?
I already have this to force the use of https:
security-constraint
web-resource-collection
web-resource-nameProtected Context/web-resource-name
url-pattern
Hi
I am using separate contexts in Tomcat 5,0, creating a XML in
CATALINA_HOME/conf/Catalina/localhost and in this not desired context
I need to forbid to some IPs, but when use this archive and make
deploy, the Tomcat does not load the modules of the Struts and nor
Tiles plugin. Somebody knows
All,
A security issue has come to light where a mal-formed request may result
in JSP source code disclosure.
This issue only applies if all of the following are true:
1. You are using any Tomcat 4 version = 4.1.15
2. You are using the deprecated HTTP 1.1 connector
Hi,
I have security roles defined in DB and would like to control servlet
access based on userId(user logged in im my application) and allowed
actions (stored in DB and can be changed anytime)
I was thinking about loading allowed action ( allowed servlet names)
in to the session and check
I have a new servlet which I've created - whenever you try to access
this servlet, I get the security certificate dialog box (do you want
to accept this certificate). However, this application has no
security constraint in its web.xml file - I don't know why it's trying
to serve up a certificate
Could be a server.xml problem. Can you post the connector parts of your
server.xml?
Mark
Xeth Waxman wrote:
I have a new servlet which I've created - whenever you try to access
this servlet, I get the security certificate dialog box (do you want
to accept this certificate). However
/auth-method
/login-config
Inside my security-constraint instead of being in
the web-app.
Once I moved this to the correct place in the
document. Everything worked
fine.
Thanks to all that posted advice.
Luke
Luke Shannon
Web Design/Development
Java Programmer
http
phone: 416-570-1984
- Original Message -
From: sven morales [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Saturday, February 12, 2005 10:28 AM
Subject: Re: RE : Security Newbie - Need Help
Not to prolong, I would think if this was the case of
misplaced
Could you try MemoryRealm to evict filter mechanisms (like firewall or
router configuration) between your tomcat serve rand your database ?
As you can see in the servlet specification the security-role element isn't
optional.
!ELEMENT web-app (icon?, display-name?, description?,
distributable
Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984
- Original Message -
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Friday, February 11, 2005 12:21 AM
Subject: RE : RE : Security Newbie - Need Help
: RE : Security Newbie - Need Help
you will not need a roles table for tomcat... it is only useful to your
own applications that will edit the data. The system only utilizes the the
user-role table and the user-password table (at least for basic
authentication).
Each servlet in the system
to trouble shoot?
Thanks,
Luke
- Original Message -
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Friday, February 11, 2005 12:21 AM
Subject: RE : RE : Security Newbie - Need Help
Could you try MemoryRealm to evict filter
Hello;
I finally got this. It turned out I had my:
login-config
auth-methodBASIC/auth-method
/login-config
Inside my security-constraint instead of being in the web-app.
Once I moved this to the correct place in the document. Everything worked
fine.
Thanks to all that posted advice.
Luke
Hi,
Could you verify that you have declared your admin role in the web.xml
file.
security-role
role-nameadmin/role-name
/security-role
-Message d'origine-
De : Luke [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 10 février 2005 07:33
À : Tomcat Users List
Objet : Security Newbie
=user_roles
roleNameCol=role_name /
I also changed my security declaration to have a realm-name in the login
config:
!-- security --
security-constraint
web-resource-collection
web-resource-namefw/web-resource-name
url-pattern*.do/url-pattern
http-methodPOST/http-method
http-methodGET/http-method
/web
It seems that you have a wrong role table (roles or user_roles).
Have you declare security-role element ?
-Message d'origine-
De : Luke [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 10 février 2005 16:02
À : Tomcat Users List
Objet : Re: Security Newbie - Need Help
Hi;
Here is the roles
Where would the security-role be declared? WEB-INF/web.xml?
The tables I have are roles, user_roles and users. When you say wrong role
table which of the tables I have should be renamed?
Thanks for you help,
Luke
It seems that you have a wrong role table (roles or user_roles).
Have you
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 10 février 2005 16:57
À : Tomcat Users List
Objet : Re: RE : Security Newbie - Need Help
Where would the security-role be declared? WEB-INF/web.xml?
Yes
The tables I have are roles, user_roles
Sorry, i understand what you mean.
Your role table seems ok.
-Message d'origine-
De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 10 février 2005 17:40
À : 'Tomcat Users List'
Objet : RE : RE : Security Newbie - Need Help
-Message d'origine-
De : [EMAIL
security-role-ref
role-nameIMS/role-name
role-linkIMS/role-link
/security-role-ref
/servlet
...
servlet-mapping
servlet-nameEnterAssignment/servlet-name
url-pattern
No I think you are right.
I have user_roles in the server.xml realm and the table in tomcatusers is
called roles.
Is there a correct naming (user_roles vs roles)?
Concerning the security-role is this required when using a JDBCRealm?
Thanks,
Luke
Sorry, i understand what you mean.
Your
-
From: Dennis Payne [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Sent: Thursday, February 10, 2005 11:23 AM
Subject: Re: RE : Security Newbie - Need Help
you will not need a roles table for tomcat... it is only useful to your
own applications that will edit the data. The system only
Hi;
I am trying to install a security realm for my application. I am expecting a
browser login window. But instead I get:
HTTP Status 403 - Configuration error: Cannot perform access control
without an authenticated principal
type Status report
message Configuration error: Cannot perform
the following:
!-- security --
security-constraint
web-resource-collection
web-resource-namefw/web-resource-name
url-pattern*.do/url-pattern
http-methodPOST/http-method
http-methodGET/http-method
/web-resource-collection
auth-constraint
role-nameadmin/role-name
/auth-constraint
login-config
auth
not getting cached inside InetAddress.java due to the above
security property.
However, from within a servlet (in Tomcat 4), the same code behaves differently:
InetAddress.getByName() will always return the first IP address returned
from InetAddress.getAllByName(), that is, as though
everyone,
I'm running my Tomcat 5.5.4 as a Windows Service. Is there a way to
put the -security option to the GUI application? I'm trying to get my
service to start with the catalina.policy file for extra security.
Thanks,
Asim
what happen if you load tour error page using the address bar? can you
see it? Isn't a path matter?
regards,
Omar
On Wed, 19 Jan 2005 00:06:20 -0500, Venkat Radha Venkataramanan
[EMAIL PROTECTED] wrote:
Hello:
I just wrote my first form-based security control. It works fine if I sign
Omar!
Aha! Even the autherr.html page seems to be protected by the form-based
security. When I try to open autherr.html by the url,
http://127.0.0.1:8080/MyFirst/autherr.html, I get the login page!
How would I unprotect it?
Thanks.
-Original Message-
From: Omar Adobati [mailto:[EMAIL
Hello everyone,
I'm running my Tomcat 5.5.4 as a Windows Service. Is there a way to
put the -security option to the GUI application? I'm trying to get my
service to start with the catalina.policy file for extra security.
Thanks,
Asim
Hello:
I just wrote my first form-based security control. It works fine if I sign
with a user id that plays the permitted role.
But when I enter a user id that does not play the permitted role, instead of
getting my customized error page, autherr.html, I get a generic 403 error.
Can somebody
Hi all,
I can't make xalan work when I run tomcat with security manager.
All I get is java.lang.ExceptionInInitializerError (see stack trace
below).
It works fine without security manager.
Has any of you used xalan on tomcat with secuirity manager? What
privileges should I grant to the code?
I
Michael-
If you suspect the error is related to the security manager, run tomcat
with the following environment variable set:
export CATALINA_OPTS=-Djava.security.debug=access:failure
This will put logging for the security manager in your catalina.out
file (or your applications log file
org.apache.catalina.startup.Bootstrap -params start -stop
org.apache.catalina.startup.Bootstrap -params stop -out
%CATALINA_HOME%\logs\stdout.log -err %CATALINA_HOME%\logs\stderr.log
---
Now I need to run tomcat with the -security option :
If I run it with %CATALINA_HOME
--
security-constraint
!--A description for identification by you. In
real world might be
Salesmen Area. Or Admin Only--
display-nameExample Security
Constraint/display-name
web-resource-collection
web-resource-nameProtected
Area/web-resource-name
!-- Define
--
security-constraint
!--A description for identification by you. In
real world might be
Salesmen Area. Or Admin Only--
display-nameExample Security
Constraint/display-name
web-resource-collection
web-resource-nameProtected
Area/web-resource-name
!-- Define
]
Subject: security-constraint to limit jsp access
I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being
accessed directly. Instead of throwing them in the WEB-INF folder, I'd
rather just restrict access to them through the security-constraint in the
web.xml.
I
I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being
accessed directly. Instead of throwing them in the WEB-INF folder, I'd
rather just restrict access to them through the security-constraint in the
web.xml.
I recently read that adding:
security-constraint
Jay,
I think you need the auth-constraint tags.
!--Starts the section. Located after jsp-config near end of file--
security-constraint
!--A description for identification by you. In real world might be
Salesmen Area. Or Admin Only--
display-nameExample Security Constraint/display-name
Thanks for the help and discussion Ben.
/robert
Yep, they look the same.
Glad to help, even if I've done nothing more than validate your
assumptions ;)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
/bea/message.jspa?messageID=202433201
Oh well...
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 5:55 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct
access to .jsp
Robert Taylor wrote
That is exactly how I want to do it.
In fact, if you look at my original message I describe what you recommend
almost exactly.
Anyhow, I finally created a VERY simple security example web app with
the following web.xml:
?xml version=1.0 encoding=ISO-8859-1?
web-app xmlns=http://java.sun.com
To: [EMAIL PROTECTED]
Subject: [newbie] Container Managed Security - preventing direct access
to .jsp
Greetings,
I'm new to Tomcat and this mailing list, and have a question
regarding configuring Tomcat to simply disallow access to .jsp pages
which I have been protected via the security
101 - 200 of 1624 matches
Mail list logo