Has any decision been made on how the original poster will do this?
As I read through the various responses, while you can always argue
certain structures are better, it's simply not true that if you create
messy/insecure JSPs, you'll somehow create clean/secure servlets. Any
error you would
I'll be curious to see the answers.
JSPs are servlets.
For us, the common way would be for your non-JSP servlets to
authenticate the request (and save the results in the request), and then
your JSPs can check if the request has been authenticated before
progressing further. Of course, if it'
We're doing good with this:
protocols="TLSv1.1, TLSv1.2" honorCipherOrder="true"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE
On 8/9/17 8:35 AM, Mark Thomas wrote:
On 09/08/17 16:09, David Wall wrote:
We're using Tomcat 8.5.16 with Java 1.8.0_91, Vaadin 7.7.10 and
Atmosphere Websockets.
We have had reports of sessions logging out while users are active with
our Vaadin-based application. This has been frustrati
We're using Tomcat 8.5.16 with Java 1.8.0_91, Vaadin 7.7.10 and
Atmosphere Websockets.
We have had reports of sessions logging out while users are active with
our Vaadin-based application. This has been frustrating as we can't
seem to track down why Tomcat's session is not being updated, but
Does anybody know if the AES+GCM bug that causes a JVM Crash (I believe
only under JDK 8) when running TLS in Tomcat using Java's JSSE has been
fixed? I doubt this is a Tomcat issue, but since the bug likely only
appears for uses of TLS's AES+GCM in Tomcat, I hope someone here may
know the det
topher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
David,
On 8/28/15 2:47 PM, David Wall wrote:
I'm using Tomcat 8.0.23, but wondered if a filter defined in the
Tomcat conf/web.xml as well as defined in my app's WEB-INF/web.xml
file causes the filter to be loaded twice or
I'm using Tomcat 8.0.23, but wondered if a filter defined in the Tomcat
conf/web.xml as well as defined in my app's WEB-INF/web.xml file causes
the filter to be loaded twice or whether duplicate filters are ignored?
If duplicates are ignored, what makes it a "duplicate"? Just the name,
the fi
We're on Tomcat 8 with Java 8, so it has more options for ciphers, but
this is what we use:
protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
connectionTimeout="2" acceptorThreadCount="2"
URIEncoding="UTF-8"
maxThreads="100" scheme="h
On 12/15/2014 12:19 PM, Anup Aggarwal wrote:
Hi,
I am new to learn the LambdaExpression , and I am trying to run a test with
JDK7 on Tomcat_8_0_15 server
Don't you need JDK8 for Lamdas?
-
To unsubscribe, e-mail: users-unsubs
Thanks, Christopher.
One last question has to do with the filter-mapping's url-pattern element.
Are /* and * the
same?
My impression is that /* is more correct since a * pattern implies a
file name suffix but there's nothing after it. Is that true, or do /*
and * work the same to mean to m
On 4/17/2014 7:50 AM, Christopher Schultz wrote:
I'll take a look at the code to see if maybe we can conditionally log
something somewhere when we get a 400 error. You can probably get
information about it by enabling DEBUG logging on the component that
throws the 400 error, but you'll likely
I've never done a request dumper before, but is there a way to trigger
it only if Tomcat is going to issue a 400?
Sorry for replying to my own posting, but for JSP urls, we do seem to
know that request.getScheme() for example returns null when things are
bad, though I'm not sure how a bad re
On 4/16/2014 3:17 PM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The access log of course does not give the whole story. It's possible
that the client sent for example a badly-formed HTTP header value. In
those cases, the request-line (shown in the access log) c
I am running Tomcat 7.0.47 and it occasionally returns HTTP status codes
of 400, such as the following from my access log.
A 400 suggests a malformed request, but many of these are simple GET
requests on an image, so it seems odd they are malformed. We're not
positive, but it seems that as th
On 10/15/2012 6:37 PM, 孙文 wrote:
You are not suitable the open source community and you are a selfish guy.
Wonderful, helpful and insightful!
I egregiously suggested that reverting a line of code back to 7.0.26,
which was also standards-compliant, would have been easy and would have
helped
In researching a bug our users are now suffering, I found that it was
reported already as *Bug 53814- Could not display PDF file on Tomcat
7.0.27 above.*
Sadly, it also shows that's it's considered "invalid" and won't be fixed
because the change made between 7.0.26 and 7.0.27 is "standards
Just a quick update on these several threads of Tomcat 7 oddball
exceptions. It looks to be as Chuck believed that it was a coding error
on our end that was causing this. In particular, it was the no-no
misuse of instance variables in a controlling servlet.
Thanks for everyone's help!
David
Just a quick update on these several threads of Tomcat 7 oddball
exceptions. It looks to be as Chuck believed that it was a coding error
on our end that was causing this. In particular, it was the no-no
misuse of instance variables in a controlling servlet.
Thanks for everyone's help!
David
Just a quick update on these several threads of Tomcat 7 oddball
exceptions. It looks to be as Chuck believed that it was a coding error
on our end that was causing this. In particular, it was the no-no
misuse of instance variables in a controlling servlet.
Thanks for everyone's help!
David
Chris,
Thanks for the 'findbugs' tip. I'm running it now in Eclipse and it has
indeed found real bugs and some good stylistic ideas as well.
David
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional
On 5/2/2012 2:17 PM, Caldarale, Charles R wrote:
Both this symptom and your earlier one about creating a session after a
response has been committed are representative of the kinds of errors seen when
a webapp stores references in an inappropriate scope. For example, keeping a
reference to
On 5/2/2012 2:41 PM, Caldarale, Charles R wrote:
Look carefully at the code in your webapp(s) for issues like the ones
described in an earlier response.
Has anybody seen this?
Lots of times - and it's _always_ been a problem in a webapp.
- Chuck
I hope my comment about our session trackin
On 5/2/2012 2:17 PM, Caldarale, Charles R wrote:
Both this symptom and your earlier one about creating a session after a
response has been committed are representative of the kinds of errors seen when
a webapp stores references in an inappropriate scope. For example, keeping a
reference to
Here's another odd exception we are receiving on Tomcat 7.0.26 when
doing load testing.
When this exception occurs, our code is basically calling:
response.encodeURL(url);
It's in a FORM tag we created that is defined on a JSP page that should
already have a session object created by:
<%@p
We are running Tomcat 7.0.26 and have not see this except before running
high load testing. It's an odd exception in that our getParam() code is
just calling: String[] pv = request.getParameterValues(name);
That is, we are not making a call that should be attempting to change
any parameter va
On 5/2/2012 12:34 PM, Pid * wrote:
It's an OS issue: google 'ulimit'.
p
Yes, I am familiar with ulimit -Sn (it's 1024), but I suspect this could
be a Tomcat issue somehow opening too many files and/or not releasing
them. I had never seen this issue before we upgraded from Tomcat 5.5
(al
I am running Tomcat 7.0.26 on Linux we received a lot of the following
exceptions during load testing:
May 2, 2012 3:04:03 AM org.apache.tomcat.util.net.NioEndpoint$Acceptor run
SEVERE: Socket accept failed
java.io.IOException: Too many open files
at sun.nio.ch.ServerSocketChannelImpl.ac
We are running Tomcat 7.0.26 (no httpd front end) with BIO/NIO and SSL
(entire webapp is in security context) and see this exception
periodically on our Linux server:
May 2, 2012 3:03:45 AM org.apache.jasper.runtime.JspFactoryImpl
internalGetPageContext
SEVERE: Exception initializing page con
You are right about the encoding of the .java file in Eclipse. I tried
in 'vi' and sure enough the codes are in there correctly. Interesting
that Eclipse opened the .jsp file and showed it nicely, but the .java
file was not. I couldn't do the properties, though, since these files
are not par
Thanks for the ideas, Mark, but it's still the same undesirable result.
On 9/1/2011 6:58 AM, Mark Thomas wrote:
I suspect you need:
<%@ page pageEncoding="UTF-8" %>
at the start of your JSP.
.java files are written using UTF-8 by default so if what you see there
is wrong then the original .jsp
I'm trying to track down a character encoding issue that I've been
having, but don't really understand. Hopefully one of you will know what
the answer is.
I am using CKEditor to generate some user-specified HTML. CKEditor
offers an "insert special character" function that often creates named
On 6/24/2011 5:48 AM, Rainer Jung wrote:
On 24.06.2011 14:08, Tim Funk wrote:Looks like this is the root cause from
DefaultServlet ...
While the ISE is caught ... since the mimetype for js was changed - it
doesn't match the fallback method
try {
ostream = r
out.write("\n");
pageContext.include("/static/esf/esf.js",true);
out.write("\n");
But the exception IllegalStateException is thrown on the include of
the esf.js file. The reason is null, so there's no more details. I
find it odd in that the two prior includes works okay, but that third
o
out.write("\n");
pageContext.include("/static/esf/esf.js",true);
out.write("\n");
But the exception IllegalStateException is thrown on the include of
the esf.js file. The reason is null, so there's no more details. I
find it odd in that the two prior includes works okay, but that third
one
This was working under TC 6, but I have a tag that extends
BodyTagSupport, and in my doStartTag() method I get my JspWRiter 'out'
using pageContext.getOut().
I have a bunch of out.write("") statements that all work fine.
Then I have these:
out.write("\n/* platform esf.css */\n");
pageContext.
Yes. You'll need to extend BaseDirContext in
org.apache.naming.resources. For some examples, see FileDirContext and
WarDirContext in the same package.
Thanks for the pointers, Mark. From what you are saying, this would be
a Tomcat-specific solution. I was hoping for something that would work
On 12/26/2010 2:04 AM, Mark Thomas wrote:
Yes. You'll need to extend BaseDirContext in
org.apache.naming.resources. For some examples, see FileDirContext and
WarDirContext in the same package.
Thanks for the pointers, Mark. From what you are saying, this would be
a Tomcat-specific solut
Is there a way to have Jasper (or other...) retrieve the JSP source code
it'll compile from a database instead of a regular file? It's fine that
Jasper write the .java/.class files as normal, but the .jsp would come
from my database instead. A servlet that could return the JSP source
code so
Another issue to consider is that Tomcat runs a single instance of Java
VM, but often runs multiple webapps. If each webapp takes the approach
that it can set the "default timezone" to its liking, you'll find that
you get a mixed bag based on which webapp was the last to reload. At
least that
Caldarale, Charles R wrote:
From: David Wall [mailto:d.w...@computer.org]
Subject: Re: TC 6.0.20 - how to know session restored on restart?
This must be a multi-thread timing issue because I had
not had this happen on several other restarts.
AFAIK, Tomcat initialization is single
work well enough for me. We already stored some info in the session
so that we could also determine the user who is associated with the
session among others, so we just created an object to hold this info
and it implements HttpSessionActivationListener and sure enough, on
tomcat restart, it
My first attempt was to implement those two methods in my class that
already implements HttpSessionListener, but these methods were never
called. On closer reading, it appears that this is an interface to be
implemented by an object that I then store in the session attributes.
Do I create an o
It seems if I can see all sessions that are started and stopped using
SessionListener, there should be no reason why we can't get the sessions
auto-built from session persistence when Tomcat restarts a web app,
too. Any tricks to figure this out?
Try reading the reply I wrote about 9 hou
I am using Tomcat 6.0.20 and have implemented the SessionListener
interface. We can then use this to show a list of active sessions to
our users, and when they are logged in, we even know which user is
tied to the session. This is very handy.
However, on tomcat restart, all existing sessio
I am using Tomcat 6.0.20 and have implemented the SessionListener
interface. We can then use this to show a list of active sessions to
our users, and when they are logged in, we even know which user is tied
to the session. This is very handy.
However, on tomcat restart, all existing sessions
Manually, the Tomcat Manager web app allows me to easily restart a web
app. So, assuming I have the tomcat manager username and password, I
can make a program invoke the same URL that probably would cause the web
app to reload, using something like:
https://myhost.com/manager/html/reload?path
In a production environment in which JSPs do not change frequently, I'd
like to reduce the overhead of checking for JSP recompiles, assuming
that such checks are in fact costly, and instruct Tomcat to recompile a
given JSP should it change. In our environment, the JSP is written out
by our web
F.ex. from my toy machine;
$ ps -fLp 7044
UIDPID PPID LWP C NLWP STIME TTY TIME CMD
tomcat7044 1 7044 0 40 2008 ?00:00:12 /usr/lib/jvm/java/bin
tomcat7044 1 7118 0 40 2008 ?00:02:58 /usr/lib/jvm/java/bin
tomcat7044 1 7119 0
We are running Tomcat 5.5.27 on Linux 2.6.18-53.1.4.el5xen (Red Hat
4.1.2-14) with Java 1.6.0_05 (32 bit) in a Xen virtualization
environment (not my server, so unsure what version that is). It has 3
webapps running, two of ours and Tomcat's manager.
Normally, when we run 'top', Java and it's
John Shilling wrote:
I am looking at having to support tens or even hundres of instances of our
web application in an ASP Model.
We basically do this now using a single Tomcat instance with multiple
webapps (https://host.com/App1/, https//host.com/App2/ etc) and
don't use virtual servers
It may not be worth the resources, but you can develop/use a download
manager could do this for you. Especially if these are large files, the
users may be happy to use something like that.
The manager would basically tell the service to start the download and
if you do something like resume fun
I have a java application under Tomcat that is supposed to track people'
downloads.
The user clicks on a link (to download a file) and a new record has to be
inserted into a postgreSQL table informing which file was downloaded.
However, I need to insert into postgreSQL only after the u
cookie.setVersion(1);
I think I found my own answer in that it appears that Firefox can accept
a version 1 (RFC 2109) cookie, which we were using because the email
address contains an '@' that's not allowed as a value in version 0
cookies. When we converted to version 0 and encoded the @,
We set a secure cookie over HTTPS using:
javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie(name,
value);
cookie.setVersion(1);
cookie.setMaxAge(60*60*24*90); // 90 days in seconds
cookie.setSecure(request.isSecure());
response.addCookie(cookie);
This works in Firefox and Chrome.
While it makes sense, I was just checking to see if upgrading from
Tomcat 5.5.26 to 5.5.27, not thinking such an upgrade would require JSP
source code changes, will hold true going forward with subsequent Tomcat
releases.
We have a few places where JSP tag attribute values have Java code that
No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it
to report to my application that SSL is being used.
So you want quality software to lie to you? It would be a bug if Tomcat
said it was secure when it's not, and it sounds pretty goofy to want it.
The deal is that I
I'm trying to configure an HTTP that reports to the
application that the connection is secure. According to the TC
documentation
(http://tomcat.apache.org/tomcat-5.5-doc/config/http.html), you should
be able to simply set:
secure="true"
in the and all should be well.
Yes, this is used whe
We've used the following in Tomcat 5.5 with JDK 1.6:
David
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Thanks for the code idea. I like what you wrote.
If there's no '?' in the URL, then you can return false right away,
right?
Indeed!
public boolean isParamInUrl(String url, String paramName)
{
~ return url.contains('?' + paramName + '=')
~ || url.contains('&' + paramName + '=');
}
T
if ( pos > 0 )
url = url.substring(pos);
Found a bug in that this should be pos+1 to remove the "?".
if ( paramAndValue[0].equals(paramName) )
return true;
We're also doing a URLDecoder.decode on the paramAndValue[0] in case the
param
http://java.sun.com/docs/books/tutorial/networking/urls/urlInfo.html
It breaks down every component of the url (protocol, domain name, etc). Is
that what you're looking for?
Not really since I just need to process the query string portion to see
if a given param exists or not. I'm usin
Is there an API call to parse an URL I have as a String so that I can
determine if a given param exists?
I know that when processing from Tomcat, I can do
request.getParameterValues() for the URL of my servlet, but I'd like to
know if the URL used to arrive at my page includes a given paramete
I'd like to allow a web app to define custom code, such as for custom
data validators or data formatters to be added by a user through
configuration in my web app.
That is, I'd like to have a user of my web app specify some Java code
snippets (either a few lines of code, or perhaps a complete
Is there any problem run Tomcat under 64 bits platform? And about JDK? Is it
possible install JDK 32 bits for 64 bits platform?
We run Tomcat 5.5 using CentOS 5 X86_64 and Java 6 (x64 -- previously
amd64 also worked) without any issues.
David
--
My Tomcat directory is c:\Tomcat6\apache-tomcat-6.0.14. I tried starting
startup.bat but got the error:
The CATALINA_HOME environment variable is not defined correctly This
environment variable is needed to run this program
My CATALINA_HOME environment variable is set to
c:\Tomcat6\apache-to
After some times, my Tomcat will stop responding and the stdout log
says OutOfMemoryError!
You could try increasing the perm space with the Java option:
-XX:MaxPermSize=256m
Obviously, you can choose any value you want. We've seen the same
problem on systems that have lots of webapps th
Moritz wrote:
But still I think it's never a good idea to write a password in plain
text in any file. If the password is stored in plain text and
something goes wrong an attacker could be able to steal my private key
and use it. And this would be really bad.
Obviously, this depends on your web
Assuming you'll want to do other redirects in the future to different
webapps (not all sharing ROOT's "/" for example and just using subdirs,
but actual distinct webapps), you might take a look at URL rewrite at
http://tuckey.org/urlrewrite/
David
-
Frank W. Zammetti wrote:
I can say with 100% certainty that a servlet invoked with XMLHttpRequest
**DOES** have the same access to server-side objects as a non-AJAX
request. I say this based on two applications in production that do this
all day long, one Struts-based, one not. I also say it b
Martin,
All encryption systems need a way to boot themselves. This either means
you store the password somewhere so the program can self-boot itself, or
you need user intervention, such as typing in the password (or inserting
a dongle or other security hardware device).
Once the system has
I hope all this 'bot' talk doesn't prevent a resolution to the bug
long-standing bug regarding sessions that never terminate, long after
they should have expired. All of our web apps have a background thread
that periodically terminates sessions that haven't been accessed in 24
hours, even tho
It seems that Tomcat 5.5.17 (and earlier) has had some sort of problem
in timing out sessions. I'm not sure if it would clean itself up if the
person really came back and did another HTTP transaction or not, but
I've noted that Tomcat Manager will show sessions that are have been
idle much lon
That's exactly what I was looking for. Thanks. David
Mark Thomas wrote:
$JAVA_HOME/docs/guide/security/jsse/JSSERefGuide.html
You want appendix A.
Mark
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscr
?
Thanks,
David
David Wall wrote:
Does anybody know how to find the list of SSL ciphers that TC will use
(I'm running on Linux)? There's a Connector param to set the ciphers,
but I don't know where to find the list of available ciphers that I have.
Mark Thomas wrote:
David Wall wrote:
Does anybody know how to find the list of SSL ciphers that TC will use
(I'm running on Linux)? There's a Connector param to set the ciphers,
but I don't know where to find the list of available ciphers that I have.
http://marc.thea
Does anybody know how to find the list of SSL ciphers that TC will use
(I'm running on Linux)? There's a Connector param to set the ciphers,
but I don't know where to find the list of available ciphers that I have.
Thanks,
David
What are most people doing to detect so-called "weak" SSL ciphers in
Tomcat?
I've noted that I can configure the Tomcat Connector's 'ciphers' list to
specify only those that are not "weak," but I'm not sure how best to
generate that list. For example, how would I list all ciphers except
DES-
Is there a correct way to retrieve a typed List from a request/session
attribute? The attribute is returned as an Object, but using a cast like:
List var = (List)request.getAttribute(name);
results in a warning:
Type safety: The cast from Object to List is actually checking
against the erase
Is there a way to call a JSP within my web app so that I can capture the
HTML that the JSP produces? I'd like to capture that HTML and store it
in a file rather than returning it as part of the response.
I have tried java.net.URL, but it has issues when testing over HTTPS
(self-signed certs)
e.jasper.compiler";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat.util.net";
David
David Wall wrote:
Since upgrading from Tomcat from 5.5.9 to 5.5.17, I found that my two
webapps that both need to use encryption via JCE providers are not
working.
Leon Rosenberg wrote:
On 6/2/06, Bill Barker <[EMAIL PROTECTED]> wrote:
TC 3.3.x had an optional module to do this. It never got ported.
I generally agree with most of the people that say that this is the
least of
your problems. If you are usings a self-signed cert, then you are just
getti
he webapps went into the same file. So it seems to
have some static initializations too that introduce this oddity.
David
David Wall wrote:
Martin,
Thanks for your suggestion, but it's unlikely that web.xml was
misconfigured just because of this TC upgrade (it wouldn't have needed
Martin,
Thanks for your suggestion, but it's unlikely that web.xml was
misconfigured just because of this TC upgrade (it wouldn't have needed
to change). Also, when I restart tomcat (rather than just reload via
the manager), the webapp comes up just fine. It's only on a reload that
things f
It seems there's something that's gone "wrong" between TC 5.5.12 and TC
5.5.17 as it relates to reloading webapps through the Manager app. I
upgraded to get the fix related to webapp reloads for listeners, and
that seemed to work (on restart with a new web.xml, it didn't call the
listeners fro
Since upgradeing from 5.5.12 to 5.5.17, it seems that when I restart
tomcat, I get an error that didn't occur before. The error may be
related to some remote debugging options set when TC is started, yet
these didn't seem to create an issue before.
Here's the error in catalina.out:
INFO: Sto
Hi Eric:
I am sorry. I am a beginner of Tomcat. How does it work? Have the
current Tomcat already been doing that? Is it just put an encrypted
keystore password at the server.xml? or don't even mention any keystore
password at the server.xml at all?
Regards
Dickson
I don't think TC does thi
No, you just have the keystore encrypted with a password and _don't_
specify it in the config file. Then when tomcat starts up, and can't open
the keystore w/o a password, it knows it has to ask for it, but it isn't
stored anywhere on the machine. That's what apache httpd does if the
c
Shankar Unni wrote:
Robert Harper wrote:
One thing to think of is that if you have to do that to protect it, then
everything else on that system is suspect.
Yeah, yeah. I used to use this argument a lot, too. But that's like
saying: if your harness isn't secure, then why bother with an
add
Thought I'd post this one more time since doing so over the U.S. holiday
weekend likely left a lot of folks out of the loop... I'm either left
with running my webapps without a security manager, or staying on an
older Tomcat that has other bugs that I need resolved by 5.5.17
(clearing of liste
Since upgrading from Tomcat from 5.5.9 to 5.5.17, I found that my two
webapps that both need to use encryption via JCE providers are not
working. Only the "first to load" webapp works as it installs the
provider just fine, but the other cannot and then fails.
It seems that a single JVM can on
I may have found this was fixed in 5.5.17 since I see this line in the
changelog:
Correctly reset listeners when reloading a webapp (remm)
I'll give that a try
David
David Wall wrote:
We have multiple webapps running in a single Tomcat instance, and when
we need to upgrade a
We have multiple webapps running in a single Tomcat instance, and when
we need to upgrade a given webapp, we install a "system down" web.xml
that defines a "null operation" listener (we normally have one that
bootstraps the application, connects to databases, etc.) and maps
everything to a serv
Well, you should check out the url rewrite documention for details. In
your webapp's web.xml, you put something like this in to tell it you
want it to examine all URLs that come into the web app:
UrlRewriteFilter
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
logLev
We've used UrlRewriteFilter with good success so far:
http://tuckey.org/urlrewrite/
David
Lothar Krenzien wrote:
Hi there,
I'm using tomcat 5.5 and want to redirect some requests to another URL. For example the URL
localhost:80/siteA should be forwarded to localhost:8080/siteB. Of course o
Does anybody know of any good Java/servlet code that handles email
bounce processing? When our automated systems send an email that
bounces (lots of hotmail bounce if the user has an account but just
hasn't logged in the past 30 days), we'd like a "somewhat reliable"
mechanism to associate the
I did not include a security constraint.
Is this needed for SSL? I spend some time looking at this element, and I was under the impression that it was for form authentication?
You don't really need it for SSL testing, but you'd want to do it in
your production world because it basically ins
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
You probably want to add the following attributes to the Connector above:
keystoreFile="keys/tomcatkeys" keystorePass="123"
Obviously, make the keystoreFile point to the name of the Java keystore
that you put your certificat
Tom Burke wrote:
George
Is this the same application 65 times over, one per virtual host? Or
65 different applications?
Tom Burke
This is a good question, if it matters architecturally within TC. In
our scenario, we will have a single host (perhaps more, but the initial
idea is to use
There are known problems with deploying the same application several
times. Tomcat is unable to unload webapp's classloader completely. For
example, it takes only ten deploys of our struts+hibernate webapp to
take Tomcat down. On the other hand, the same webapp can run even days
without affec
1 - 100 of 103 matches
Mail list logo