By the comments in issue 44494, this bug appears to be fixed and is
planned to be released in the next update of Tomcat 5.5.x. I've taken a
quick look on the Tomcat site and didn't find a release plan.
My question is: What, if any, is the timeframe for this next release?
I've been bitten by
AGE-
> Hash: SHA1
>
> Gordon,
>
> Hyatt, Gordon wrote:
> | The intent is as follows:
> |
> | For the main site: plain HTTP access
> |
> | For the administration and sample submission areas, require
> | authentication over HTTPS
> |
>
I'm trying to add Authentication (over HTTPS) to a Struts-based web app
and am running into problems.
I can get Tomcat (5.5.26) to authenticate the user (using Basic login)
without issue, but I can't seem to get a Struts-based login form to
work. Because of the way the passwords are encrypted,
I've just finished reading the Tomcat Security chapter of O'Reilly's
Tomcat, The Definitive Guide that covers Tomcat 4 and have been left
with many questions.
First, a little background: I've setup a new web server on FC8 x86_64
running Sun Java 1.6.0_05 and tomcat 5.5.26. I'm very familiar with
We had an application (with connection pooling and validation query) running on
TC5.0.28 (now on TC5.5.17) connecting to MS SQL Server using the Microsoft JDBC
drivers. When tomcat and the database were on the same side of the firewall
performance was great (averaged < 20ms obtaining connection
A web-app I'm developing is expected to have many (possibly as many as 40-50)
servlets, some will be updating a database others retrieving information from a
database. All requests will be POSTs containing XML-formatted information.
Some of the servlets will be heavily used (retrieving the co