2016-09-02 23:19 GMT+02:00 Robert Winch :
> I realize that I can manually configure LegacyCookieProcessor
>
> Yes, you'll have to configure the legacy cookie processor to support the
less formal former cookie RFCs, this is as expected. If you find any
discrepancies about that in the Tomcat documen
It appears that Tomcat 8.5.4 does not conform to the Servlet 3.1
specification with regard to the Cookie RFC that should be used.
= Servlet 3.1 Specification
Tomcat 8.5.4 states it follows the Servlet 3.1 specification [1].
The Servlet 3.1 Cookie class level Javadoc states [2]:
> This class sup
One thing I forgot to mention... In my servlet controller's auth method,
when a user's login is approved, the controller redirects the browser to
another page. I noticed looking in my browser's network tab the CSRF_NONCE
token in the request URL changes value between the auth method and the
eventua
On Fri, Sep 2, 2016 at 4:28 AM, Yuval Schwartz
wrote:
> Tomcat: 8.0.22
> JDK: 1.8.0_05
>
> Hello,
>
> I am currently running a web application.
>
> I would like to restrict access to the manager app (it is currently being
> hit by spammers every so often who are unable to connect (get a message
>
For my app I was *mostly* successful in securing it using Tomcat's
CsrfPreventionFilter tool. I can land on my unsecured login.jsp page and
get the app to still redirect based on login success.
My problem is regardless of login success I'm getting a 403 error; I may be
implementing the token check
Hello Peter,
Thanks. I'll give it a shot and let you guys know how it goes.
Any input on whether I should put this in my application's context.xml or in
my [host] directory?
Thank you.
On Fri, Sep 2, 2016 at 4:24 PM, Kreuser, Peter wrote:
> Hi Yuval,
>
>
> > -Original Message-
>
Hi Yuval,
> -Original Message-
> From: Yuval Schwartz [mailto:yuval.schwa...@gmail.com]
> Sent: Friday, 2 September 2016 13:28
> To: Tomcat Users List
> Subject: Restrict access to manager app by IP
>
> Tomcat: 8.0.22
> JDK: 1.8.0_05
>
> Hello,
>
> I am currently running a
Tomcat: 8.0.22
JDK: 1.8.0_05
Hello,
I am currently running a web application.
I would like to restrict access to the manager app (it is currently being
hit by spammers every so often who are unable to connect (get a message
"...an attempt was made to authenticate the locked user")).
I was think