: Re: Overlapping security-constraint definitions?
It's true that how Overlapping security-constraints are handled has
changed between TC 4 TC 5 (since they changed in the servlet-spec),
but that's not what is causing your problem.
[snip
I recently moved from Tomcat 4 to 5, and have discovered that the
handling of overlapping security-constraint definitions in web.xml seems
to have changed. I am hoping someone can recommend the best way to
accomplish what I need to do under TC5.
I have two possible user roles. All users have
It's true that how Overlapping security-constraints are handled has changed
between TC 4 TC 5 (since they changed in the servlet-spec), but that's not
what is causing your problem.
The <url-pattern>/edit*</url-pattern> isn't valid, so it looks like you were
relying on an 'undocumented feature' of TC
Hi,
I try to run the mysql connector with Tomcat with
security enabled
(NT4, jakarta-tomcat-5.0.25, j2sdk1.4.2_05,
mysql-connector-java-3.1.2-alpha-bin.jar)
With the rule
grant {
permission java.net.SocketPermission
"localhost:3306", "connect,resolve";
};
it works. But this rule is not specific
Hi
Appended is a simple servlet and the errors I get back to the browser.
The errors are produced the first time the servlet is called after
a Tomcat restart under security manager, subsequent calls to the servlet
and a restart with security manager run OK.
The error points
On Thu, Jul 08, 2004 at 11:19:39PM -0500, Steve Luzynski wrote:
: Using Tomcat 5.0.25 on Mac OS X (10.3.4 specifically). Trying to
: implement container managed security.
:
: [snip: deployment descriptor]
:
: When I try to hit a url like
: http://localhost:9006/IPBoss/add/add_network.html
On Jul 9, 2004, at 8:11 AM, QM wrote:
On Thu, Jul 08, 2004 at 11:19:39PM -0500, Steve Luzynski wrote:
: Using Tomcat 5.0.25 on Mac OS X (10.3.4 specifically). Trying to
: implement container managed security.
:
: [snip: deployment descriptor]
:
: When I try to hit a url like
: http://localhost
Steve Luzynski wrote:
On Jul 9, 2004, at 8:11 AM, QM wrote:
On Thu, Jul 08, 2004 at 11:19:39PM -0500, Steve Luzynski wrote:
: Using Tomcat 5.0.25 on Mac OS X (10.3.4 specifically). Trying to
: implement container managed security.
:
: [snip: deployment descriptor]
:
: When I try to hit a url like
On Jul 9, 2004, at 12:40 PM, Robert F. Hall wrote:
Have you tried adding <http-method/> elements to
<web-resource-collection> ?
<web-resource-collection>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
On Fri, Jul 09, 2004 at 03:20:39PM -0500, Steve Luzynski wrote:
: Is there some logging or debugging I can turn on? The stock logs aren't
: showing me anything other than just a normal access to the resources
: that I'm wanting to protect.
Another silly question, then: what's the deployed
and decided this was a good time to move to container managed
security since I destroyed the entire view anyway. :) So because of
that there is no servlet mapping yet, I'm just trying to get Tomcat to
properly access control some static HTML right now.
(I'm grasping too...)
Thanks,
Steve
Steve Luzynski [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Jul 9, 2004, at 12:40 PM, Robert F. Hall wrote:
Have you tried adding <http-method/> elements to
<web-resource-collection> ?
<web-resource-collection>
<http-method>HEAD</http-method>
Hello there,
I use the classic Tomcat 5.0.18 without any modif.
I would like to protect a subset of my webapp. To do so, I did the following:
- I configured my Tomcat to accept SSL
- I added a security-constraint in web.xml
I am facing the following problems:
1. the url-pattern /frwk
I've been scratching my head most of the day on this...
Using Tomcat 5.0.25 on Mac OS X (10.3.4 specifically). Trying to
implement container managed security.
I have a JDBC Realm set up in server.xml for the context in question.
The web.xml file for the application is set up just like
Just wanted to ask this question again...does anyone have any ideas?? I'm
really stuck here, any good tutorials or resources about security
constraints would be helpful. All of the ones I've seen online only handle
one constraint at a time, I've never seen how they work in terms of best
Hello,
I'm using Tomcat 5.0.25 and I'd like to use container-based security to
restrict access to one specific page. The problem is that this page exists
in different contexts, but using the same docbase. You can get a better
idea by looking at the first snippet included below.
You can see
Hello, I have a question regarding security on Tomcat. first, some background:
I'm currently assisting in the deployment of a Xerox Docushare system. This
implementation DocuShare runs on Tomcat (among other platforms.) The problem I've been
having with this particular app/server setup
See the servlet spec. I know for version 2.3 of the spec (which is tomcat4
stuff) - security is applied only to the incoming URL. (The same went for
filters too)
For 2.4 - I know that filters can be applied on RequestDispatcher.include and
RequestDispatcher.forward. So security constraints
I do have a question regarding security across appfuse and other
webapps. Currently, I have two separate web applications running under
Tomcat (5.0.26):
- tdx (which is a version of appfuse)
- jGallery (which dynamically serves images)
The way jGallery works is that it 'crossmaps' image gallery
I'd like users to be able to login once and get access to several web
apps. Is it possible for web apps to 'share' a security-constraint?
I've tried putting the constraint into conf/web.xml. That applies the
constraints to all the specified web apps managed by the server, but
users still need
Hi,
You might be able to use the SingleSignOn Valve (see tomcat
configuration reference documentation) for this.
It's OK but not recommended to put the security constraints in
conf/web.xml, although that's another way to share a constraint among
webapps.
As for a pure, portable way to share
Look at the SingleSignOn valve.
-Original Message-
From: Barnet Wagman [mailto:[EMAIL PROTECTED]
Sent: 26 May 2004 16:53
To: Tomcat Users List
Subject: Can webapps 'share' a security-constraint?
I'd like users to be able to login once and get access to several web
apps
I am trying to configure my application so that everything has to be
encrypted. I was able to do that by using the security constraint at the
bottom of this message. I've had this working for awhile without a problem.
However, now, I want to add an additional restriction. I want to make it so
Jonathan Eric Miller [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I am trying to configure my application so that everything has to be
encrypted. I was able to do that by using the security constraint at the
bottom of this message. I've had this working for awhile without
On 21-05-2004 11:33, wsedio wrote:
Hi all,
I am running Tomcat 5.0.24 on Red Hat Linux Enterprise 3 with Apache web
server 2 and mod_jk 1.2.
I have a few Apache/Tomcat virtual hosts: each host has its own document
root and webapps.
I would like to make sure that each host is not allowed to
Hi all,
I am running Tomcat 5.0.24 on Red Hat Linux Enterprise 3 with Apache web
server 2 and mod_jk 1.2.
I have a few Apache/Tomcat virtual hosts: each host has its own document
root and webapps.
I would like to make sure that each host is not allowed to access files
outside its document
Dear List,
I am using Tomcat's integrated security options, available inside the web.xml
(see below). Whenever the session times out and the user makes a request
for a html/or jsp page within this protected context, appears the login.jsp
page. My problem is that my app uses frames, and when
Hi,
The declarative security options offered by the Servlet Specification, those you refer
to as the integrated security options, have no understanding of the client side,
i.e. the browser. There is no concept of frame or browser, so you can't do what
you're asking for with these declarative
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: Tomcat security
Hi,
The declarative security options offered by the Servlet Specification, those
you refer to as the integrated security options, have no understanding of
the client side, i.e. the browser. There is no concept of frame
Hi,
I am using Tomcat managed security where I am using JAASRealm.
I have implemented a LoginModule ... using which I can login easily.
But how to logout ... doing session.invalidate() was what I thought would do
the trick. It did ... BUT ... after having logged out it is impossible to login
Can I get user role ( request.isUserInRole() ) from a user authenticated by IIS (
windows integrated authentication (NTLM) ). I already get user name, but I dont know
how to configure the file 'tomcat-users.xml' to set the user's roles. Using only IIS,
it's easy. I only need to configure the
Hi there,
please, I need to set unsecure connection in subcontext of secure context.
:)
It means: I have webapp1, that is set as:
<security-constraint>
<web-resource-collection>
<web-resource-name>webapp1</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http
Hi,
I am facing this problem while using Tomcat Managed security.
I am using the JAASRealm and my own LoginModule ... works
smoothly. It authenticates as well as authorizes.
BUT, when a user has logged in from one computer, the another user
cannot login unless the first user logs out first
of questions:
- which program?
- what is the server OS?
From: Andrea Powles [mailto:[EMAIL PROTECTED]
I'm wanting to run the program on the server.
When I startup Tomcat with the -security option Tomcat
doesn't start up? This is the case even when I take out my
modifications
-
From: Andrea Powles [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 20, 2004 10:32 AM
To: Tomcat Users List
Subject: RE: security permissions
The program is called WEKA; it's a Java application that runs
data through machine learning algorithms. I am trying to write
the output
OK. Next set of questions:
- which program?
- what is the server OS?
From: Andrea Powles [mailto:[EMAIL PROTECTED]
I'm wanting to run the program on the server.
When I startup Tomcat with the -security option Tomcat
doesn't start up? This is the case even when I take out my
Hi,
I'm wanting to run the program on the server.
When I startup Tomcat with the -security option Tomcat doesn't start up? This is the
case even when I take out my modifications to the policy file. When I don't use the
-security option Tomcat runs fine but I am unable to execute another program
. I know that I can't currently do this due to the security
restrictions.
I have tried changing the Catalina policy file but I'm unsure of exactly what to do
so it didn't work. Can someone please advise me of exactly what I need to add or
modify in order for my web app to have all
Where are you trying to run the external program? On the tomcat server or on the
client talking to the server?
If on the server try:
- testing it without the security manager
If on the client:
- The browser security model will not allow this at all unless the
applet/JavaScript is signed
please to Tomcat Users List
To:[EMAIL PROTECTED]
cc:
Re: IIS and Tomcat security
Hi
Does the JK2 connector pass security information to Tomcat, like the
authenticated user? I couldn't find any information about this in JK2
documentation. In my project, I need
Andrea Powles wrote:
Hi Tomcat users,
I wish for one of my web apps in Tomcat to execute another program on my computer using the exec method. I know that I can't currently do this due to the security restrictions.
I have tried changing the Catalina policy file but I'm unsure of exactly what
Users List [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 4:28 AM
Subject: Re: IIS and Tomcat security
Yes it does.
request.getRemoteUser() in your JSP gives you the IIS authenticated user.
Make sure your IIS is set to Integrated Windows authentication and insert
request.tomcatAuthentication
. Can you send me workers2.properties and
jk2.properties example files?
Thanks
Maurício Kanada
- Original Message -
From: Thomas Nybro Bolding [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 4:28 AM
Subject: Re: IIS and Tomcat security
Yes it does
Hi
Does the JK2 connector pass security information to Tomcat, like the authenticated user?
I couldn't find any information about this in JK2 documentation. In my project, I need
that the IIS authenticates the users, and then, the Tomcat executes my web application
with users and roles
Hi Tomcat users,
I wish for one of my web apps in Tomcat to execute another program on my computer
using the exec method. I know that I can't currently do this due to the security
restrictions.
I have tried changing the Catalina policy file but I'm unsure of exactly what to do so
it didn't
a
security-constraint on this folder in web.xml so that it is protected and
requires basic authorization. So far so good.
But I have discovered that if you include a document from that protected
folder inside a document from an unprotected folder using a jsp:include,
then basic authorization
of the spec is that the security constraints are for
the originally-requested URI only.
It's up to the developers to make sure content doesn't get include'd
or forward()'d to the wrong place.
: It has happened that I forget to type https:// and type http:// instead.
: So if a nasty, mean person
Debugging with Security manager can be challenging. You probably want to
take a look at Tomcat Security Manager HowTo.
Regards,
Daniel
-Original Message-
From: Juergen Weber [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 03, 2004 2:55 AM
To: [EMAIL PROTECTED]
Subject: JNDI Datasource
I got database connection up and running as described
in tomcat-docs/jndi-datasource-examples-howto.html
But it does not run with the Security Manager enabled.
The mysql driver and commons-dbcp are in common/lib,
so
grant codeBase "file:${catalina.home}/common/-" {
permission
Hollerman Geralyn M [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I currently have Tomcat 5.0.16 running using the SSL connector and a
self-signed
certificate - I followed the directions in the Tomcat SSL HOW-TO in how to
create the certificate and set up Tomcat for SSL. This is
I currently have Tomcat 5.0.16 running using the SSL connector and a self-signed
certificate - I followed the directions in the Tomcat SSL HOW-TO in how to
create the certificate and set up Tomcat for SSL. This is running with no
problems in my development environment.
I have been asked to put
I have Apache2 running as the front end handling all the client PKI
authentication.
Then Tomcat 4.1 using security constraints in the web.xml.
Now I use jk to connect them together and it works fine, sort of.
I can access protected files inside of Tomcat from Apache. Specifically any
file
Hi there,
we are addressing the following problem with Tomcat (similar works with bea8.1)
using application-managed security
application is sending 401, see *.jsp
private static void login(HttpServletResponse response)
{
System.out.println(sending 401 for authenticate
Is there a simple way to force a standard login programmatically on
page/servlet?
I would like to conditionally force the behavior that happens
non-conditionally when a user requests a page which has a security
constraint and gets their login.
I can think of some solutions for this, like setting
My very first page is the login screen. If I have specified security
constraints, then how can I show the login screen as the first screen?
The request should actually go to a secured screen, and this will bring
up the login screen. That's the reason I require the first page to be
secured
file index.jsp. Then for that specific URL (/) -
have it redirect to jsp/test.jsp. That way the external redirect
forces the security constraint to be caught. For example:
index.jsp:
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
<c:redirect url="jsp/test.jsp"/>
-Tim
shanmugampl wrote
Security constraints are in the incoming URL.
[
Also welcome files *should*(but not required) be single files - not files
buried under a directory.
Good: <welcome-file>cowbell.jsp</welcome-file>
Bad: <welcome-file>more/cowbell.jsp</welcome-file>
]
-Tim
shanmugampl wrote:
Hi,
I am using 5.0.19 I
Hi,
I am using 5.0.19 I have the following definition in my web.xml file
<welcome-file-list>
* <welcome-file>/jsp/test.jsp</welcome-file>*
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured Core Context</web-resource-name>
* <url-pattern>
On 03/21/2004 05:53 AM Matt Anderson wrote:
Hi All,
This is the first time I have used this list so this question may have
been asked many times before, however I tried to download previous messages
but was unsuccessful. My question is, how do you configure the security
manager to disable
Matt,
Your best bet is to read the security manager documentation provided as part of
the SDK. It should be located in JAVA_HOME\docs\guide\security\permissions.html
and JAVA_HOME\docs\guide\security\PolicyFiles.html
I can't remember if these docs are part of the standard download or whether
Hi All,
This is the first time I have used this list so this question may have
been asked many times before, however I tried to download previous messages
but was unsuccessful. My question is, how do you configure the security
manager to disable things like System.exit() and Runtime.exec
Hi,
I'm having a hard time with the security permissions for a webapp using
tomcat 4.1.30.
The application needs to write files to the java.io.tmp directory and it
works fine in the first scenario ( without a war file ) but in the
second scenario I keep getting
I have a web application which uses a security-constraint in the deployment
descriptor.
My lone url-pattern in my web-resource-collection is for my welcome page.
This has worked well enough.
However, now I wish to access a specific URL, a servlet that produces pdf
documents, bypassing
Hi.
I've been using the manager webapp, but after enabling the security
manager (-security on tomcat startup), the manager doesn't run any longer,
giving this error:
type Exception report
message
description The server encountered an internal error () that prevented it
from fulfilling
Jason Keltz wrote:
Hi.
I've been using the manager webapp, but after enabling the security
manager (-security on tomcat startup), the manager doesn't run any longer,
giving this error:
type Exception report
message
description The server encountered an internal error () that prevented
in CATALINA_BASE, and change
the context descriptor for the manager app in the CATALINA_BASE
directory to refer to the full path to the manager in CATALINA_HOME. Now,
the existing security policy works.
Jason.
On Tue, 16 Mar 2004, Jeanfrancois Arcand wrote:
Jason Keltz wrote:
Hi
of the server directory in CATALINA_BASE, and change
the context descriptor for the manager app in the CATALINA_BASE
directory to refer to the full path to the manager in CATALINA_HOME. Now,
the existing security policy works.
Yes, except it is not supposed to work like that. I will try to fix
What does tomcat do to ensure that you're logged in
while using the j_security_check ?
We're trying to transition users from non-logged in to
logged in, but we've got a fair amt. of portions of
the site that should be accessible from both states
(non-logged in and logged in)
Is there something,
On 03/12/2004 03:34 PM Paul Tomsic wrote:
What does tomcat do to ensure that you're logged in
while using the j_security_check ?
We're trying to transition users from non-logged in to
logged in, but we've got a fair amt. of portions of
the site that should be accessible from both states
no, my question wasn't whether request.getRemoteUser()
returns null or not. HOW, specifically,
does tomcat populate that information using the
j_security_check and the security-constraint nodes in
the web.xml???
Hello, I'm trying some web.xml security features and think that Catalina
doesn't perform url pattern very well in some cases (whatever the kind of Realm).
For example :
Roles : Administrateur and DTN
protected ressources :
/pages
:[EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 10:26 AM
To: [EMAIL PROTECTED]
Subject: url-pattern pb in security constraints
<url-pattern>/pages/secret1/*.jsp</url-pattern>
<url-pattern>/pages/*.jsp</url-pattern>
?
Is the username and password securely transmitted? Are there any back
doors or bugs with the manager app that would allow it to be taken over?
If there are any problems is there a way to improve the security of the
manager?
Thanks in advance for any help.
Andrew
:[EMAIL PROTECTED]
Sent: 09 March 2004 11:32
To: Tomcat Users List
Subject: Manager app security concerns
I'm using the manager app to deploy web apps. I'm interfacing to it
using deployer ant tasks. My support team have raised concerns that this
is inherently insecure. They are concerned
their medication :)
-Original Message-
From: Andrew Watters [mailto:[EMAIL PROTECTED]
Sent: 09 March 2004 11:32
To: Tomcat Users List
Subject: Manager app security concerns
I'm using the manager app to deploy web apps. I'm interfacing to it
using deployer ant tasks. My support team have raised
and the security manager
Try adding '-Djava.security.manager' and
'-Djava.security.manager==c:\path\to\catalina\conf\catalina.policy' to
your
JavaOptions.
A.J. Ostman [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello All,
Platform: Windows XP / Tomcat 4.1 and 5.0
Hello All,
Platform: Windows XP / Tomcat 4.1 and 5.0
If I invoke Tomcat from the command line as catalina run -security, then
the security manager loads, however how do I get the Tomcat running as a
service to invoke the security manager? I have tried putting -security in
the optional parameters
line as catalina run -security, then
the security manager loads, however how do I get the Tomcat running as a
service to invoke the security manager? I have tried putting -security in
the optional parameters and even in the imagepath in the registry. Please
let me know what works.
Thanks
-A.J
I used container managed security (I mean declaring security issues in
web.xml, and using security standard servlet API isUserInRole,
getUserPrincipal and so on) for several webapp, but I'm now facing the
following need that this approach seem not to satisfy:
I have to authenticate users based
On 03/04/2004 04:12 PM Renato Romano wrote:
I used container managed security (I mean declaring security issues in
web.xml, and using security standard servlet API isUserInRole,
getUserPrincipal and so on) for several webapp, but I'm now facing the
following need that this approach seem
I want to be able to make changes to my catalina.policy and to apply
those changes without restarting Tomcat. Is this possible, and how would
I go about it?
TIA!
Hi,
I want to be able to make changes to my catalina.policy and to apply
those changes without restarting Tomcat. Is this possible, and how
would
I go about it?
This is not a tomcat issue, but rather a general java one. The
SecurityManager reads the policy file once, upon its construction. So
In reading a Tomcat manual, I noticed that security constraints are only
applied via client interactions with the secured object. I.E., If you
redirect from within a secured object to another secured object, the
redirection is not authenticated. Is there a way in Tomcat to secure ALL the
objects
From the spec:
The security model applies to the static content part of the web
application
and to servlets within the application that are requested by the client.
The security
model does not apply when a servlet uses the RequestDispatcher to invoke
a
static resource or servlet using
How would I get Tomcat to use a database table instead of the web or server
.xml files' security-constraint.auth-constraint.role-name to enforce
authorization? I would prefer to have objects in my webapp to have
configurable authorization applied to them outside of tomcat configuration
files; Done
You would need to combine two security philosophies
- container based security
- programmer based security
The first is done via web.xml and matching URLs against given roles. When
that is not enough, then you need to use programmatic security. You use the
HttpServletRequest objects instance
Brandon Goodin [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I have the following security constraint specified in my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Customer Area</web-resource-name>
<url-pattern>/customer/*</url-pattern>
I have the following security constraint specified in my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Customer Area</web-resource-name>
<url-pattern>/customer/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>customer
META-INF/web.xml of my application with:
<security-constraint>
<web-resource-collection>
<web-resource-name>sescam</web-resource-name>
<url-pattern>/sescam/Comun/LoginUsuario.jsp</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL
The tag security-constraint is related with Realm authenticator, not
with SSL security.
Juan.
-Original Message-
From: Mariano [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 10:11
To: [EMAIL PROTECTED]
Subject: security-constraint not work in Tomcat 5.0.18 ?
Hi all
OK, then, how can I force Tomcat to use https with some JSP pages?
Thanks
Mariano López
-Original Message-
From: Juan de Bravo [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 10:17
To: 'Tomcat Users List'
Subject: RE: security-constraint not work in Tomcat 5.0.18
Try this in your WEB-INF\web.xml application file
<security-constraint>
<web-resource-collection>
<web-resource-name>HTMLManger and Manager command</web-resource-name>
<url-pattern>/*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
It doesn't work; I can access these pages using http and I would like to force
https access for these pages.
Thanks
-Original Message-
From: Juan de Bravo [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 10:41
To: 'Tomcat Users List'
Subject: RE: security-constraint not work
connectionTimeout=2
useURIValidationHack=false disableUploadTimeout=true /
Juan.
-Original Message-
From: Mariano [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 11:31
To: 'Tomcat Users List'
Subject: RE: security-constraint not work in Tomcat 5.0.18
disableUploadTimeout=true /
Could it be a tomcat bug in 5.0.18 ?
-Original Message-
From: Juan de Bravo [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 11:40
To: 'Tomcat Users List'
Subject: RE: security-constraint not work in Tomcat 5.0.18 ?
Hi Mariano,
I 've proved
Hello,
I installed the JK connector in IIS 5.0 on Win2K, directing JSP and servlet
requests for a certain context to Tomcat 4.1.29, and though it works I can't
access the Tomcat resources (JSPs and servlets) anonymously. In fact, the
way IIS's directory security is involved is something
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 18, 2004 11:17 AM
To: [EMAIL PROTECTED]
Subject: How does IIS directory security relate to JK connector?
Hello,
I installed the JK connector in IIS 5.0 on Win2K, directing JSP and servlet
requests for a certain context
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 18, 2004 11:53 AM
To: [EMAIL PROTECTED]
Subject: RE: How does IIS directory security relate to JK connector?
To follow up, I just made some progress. By changing the Anonymous User
Account in IIS for the tomcat virtual
When I startup Tomcat 5.0.18 with a security manager, I get the following
exception. It talks about persisted sessions, something I didn't even
realize existed. No doubt there's a permissions problem if it cannot read
where the sessions are stored.
Is there a way to make sure sessions
regarding this aspect).
I have declared a security-constraint with no (empty element) assigned
roles for a whole subdirectory containing my JSP pages and other stuff:
<url-pattern>/s/*</url-pattern>. Now direct access to this directory and
the
pages is not possible anymore, everything has