Re: accessing external contents

Hi Mark, Thanks for letting me know that I am on righ track. I will try it with standard installation and further inspect why it is not working in my product. Thanks, Umesh On 11/15/22 11:34 PM, Mark Thomas wrote: On 14/11/2022 11:22, Umesh Raikwar wrote: > ... context path /product

RE: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

And one thing I forgot - yes Chris, could you please provide the code you mentioned in case that is the issue? Thanks, Angela >> certificateKeystoreProvider="SunPKCS11-NSS-FIPS" > >Could this be the problem? Does your new Java version have that security >provider

RE: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

Thanks to Joey and Chris for responding. Joey had said >Jump through the hoop of rebuilding the keystore with the current java > I believe this is what we did that made the difference I am not > familiar with PKCS11 > we use Http11Nio2Protocol with PKCS12 for complete chain bundling.

Tomcat-embed and Tomcat Vulnerabilities

Hi Users, My question is about whether a vulnerability applies to my particular application. My application is using tomcat-embed. Being tomcat-embed derived from Tomcat server, could tomcat-embed has the vulnerabilities that Tomcat server has? In affirmative case, is disclosure of

Re: Why does LockOutRealm not support CredentialHandler?

Rémy, On 11/16/22 07:53, Rémy Maucherat wrote: On Wed, Nov 16, 2022 at 1:36 PM Christopher Schultz wrote: Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:50 schrieben Sie: That worked right from the start, I

Re: Why does LockOutRealm not support CredentialHandler?

Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 13:35 schrieben Sie: > I really don't know why you are seeing that warning. You aren't > explicitly-setting a CredentialHandler on your LockOutRealm and > that's the only time this warning should be shown.[...] Yes I did during

Re: Why does LockOutRealm not support CredentialHandler?

On Wed, Nov 16, 2022 at 1:36 PM Christopher Schultz wrote: > > Thorsten, > > On 11/16/22 03:20, Thorsten Schöning wrote: > > Guten Tag Christopher Schultz, > > am Mittwoch, 16. November 2022 um 04:50 schrieben Sie: > > > >> >> resourceName="UserDatabase"> > >> >>

Re: Why does LockOutRealm not support CredentialHandler?

Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:50 schrieben Sie: That worked right from the start, I had a DIGEST in tomcat-users.xml and was able to login with plain-text password provided to the browser. The

Re: Why does LockOutRealm not support CredentialHandler?

Thorsten, On 11/16/22 02:28, Thorsten Schöning wrote: Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:00 schrieben Sie: Thorsten, what makes you say "it doesn't work" and "LockoutRealm ignores any credential handler"? When you say "it doesn't work"... what DOES it do?

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Thorsten, On 11/16/22 02:36, Thorsten Schöning wrote: Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:17 schrieben Sie: You should double-check the definition of "compliant to CIS benchmark spec" because there is no way in hell that HTTP DIGEST is required.[...] The spec

Re: Why does LockOutRealm not support CredentialHandler?

Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:50 schrieben Sie: > resourceName="UserDatabase"> > className="org.apache.catalina.realm.SecretKeyCredentialHandler" > algorithm="PBKDF2WithHmacSHA512" > iterations="10" >