Re: Secure login only, not rest of app

2009-11-18 Thread Oliver Schoett
Robert Denison wrote: Thanks Peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for Tomcat and static content, can they? A good caching tutorial is http://www.mnot.net/cache_docs/ The best site for web performance in general is

Re: Secure login only, not rest of app

2009-11-11 Thread Robert Denison
Thanks everyone for your help. I'll take a look at this and then let everyone know how I get on. Christopher, thanks for your patient reply; sorry I missed your earlier post, I guess my googling skills aren't what I think they are! R. On 10 Nov 2009, at 20:26, Christopher Schultz wrote:

Re: Secure login only, not rest of app

2009-11-11 Thread Christopher Schultz
Robert, On 11/11/2009 4:23 AM, Robert Denison wrote: Thanks everyone for your help, I'll take a look at this and then let everyone know how I get on. Christopher, thanks for your patient reply, sorry I missed your earlier post, I guess my

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
Hi P, Thanks very much for your reasoned, helpful response. I fancied securing only login because I only want logged-in users to see the service and I want the login to be secure (passwords are safe), but the data itself is irrelevant, so I figure why spend CPU cycles encrypting/decrypting

Re: Secure login only, not rest of app

2009-11-10 Thread Pid
On 10/11/2009 10:07, Robert Denison wrote: Hi P, Thanks very much for your reasoned, helpful response. I fancied securing only login because I only want logged-in users to see the service and I want the login to be secure (passwords are safe), but the data itself is irrelevant, so I figure why

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
Ugh, I didn't know about the interference with caching (I am fairly new to this), so it seems that adds weight to the idea of not securing anything but the login process. I'll give these ideas a try and report back so it's public info. Thanks again P. R. On 10 Nov 2009, at 10:42, Pid

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
I assume that the standard way of dealing with static caching is to have e.g. an images (CSS etc.) directory and have that not secure? Simple question, but can you do one /* constraint and then override that with a subsequent /images (and CSS etc.) constraint, or is there a different preferred way

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
Just to pick up on the point below. If the Valve acts before the filter then I would guess my idea can't work, because the login will have already happened before I get a chance to redirect to https, therefore meaning the login process will have happened unencrypted... R. On 10 Nov 2009, at

Re: Secure login only, not rest of app

2009-11-10 Thread Peter Crowther
2009/11/10 Robert Denison r...@blim.org: I assume that the standard way of dealing with static caching is to have e.g. an images (css etc) directory and have that not secure? No, as on most browsers that will pop up a dialog box with something like this page contains both secure and insecure

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
Thanks Peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for Tomcat and static content, can they? R. On 10 Nov 2009, at 13:14, Peter Crowther wrote: 2009/11/10 Robert Denison r...@blim.org: I assume that the standard way of

Re: Secure login only, not rest of app

2009-11-10 Thread Pid
On 10/11/2009 12:48, Robert Denison wrote: Just to pick up on the point below. If the Valve acts before the filter then I would guess my idea can't work, because the login will have already happened before I get a chance to redirect to https, therefore meaning the login process will have

Re: Secure login only, not rest of app

2009-11-10 Thread Pid
On 10/11/2009 13:25, Robert Denison wrote: Thanks Peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for Tomcat and static content, can they? It's not so much a case of Tomcat; unfortunately your app is also affected by browser

RE: Secure login only, not rest of app

2009-11-10 Thread Caldarale, Charles R
From: Robert Denison [mailto:r...@blim.org] Subject: Re: Secure login only, not rest of app Simple question but can you do one /* constraint and then override that with a subsequent /images (and css etc) constraint Yes, that's required by the servlet spec - longest match wins. - Chuck

RE: Secure login only, not rest of app

2009-11-10 Thread Gerwood Stewart
From: Pid [...@pidster.com] Sent: Wednesday, 11 November 2009 12:51 AM To: users@tomcat.apache.org Subject: Re: Secure login only, not rest of app On 10/11/2009 13:25, Robert Denison wrote: Thanks Peter, Don't suppose anyone can point me to any documentation that talks

Re: Secure login only, not rest of app

2009-11-10 Thread Christopher Schultz
Robert, On 11/10/2009 5:07 AM, Robert Denison wrote: if (logged in) { if (https) goto http } else { if (http) goto https } I've outlined this in another post, but I'll repeat it here: 1. Modify your login page to check for HTTPS. If the

Re: Secure login only, not rest of app

2009-11-10 Thread Christopher Schultz
Robert, On 11/10/2009 7:48 AM, Robert Denison wrote: If the Valve acts before the filter then I would guess my idea can't work, because the login will have already happened before I get a chance to redirect to https, therefore meaning the login

Secure login only, not rest of app

2009-11-09 Thread Robert Denison
Hi all, I am trying to set up my Tomcat webapp to be secure for login only. It works as you'd expect if the security-constraint for /* is unsecure, and if I make it secure (using CONFIDENTIAL) for /*. However, if I try to make it secure only for the login page and unsecure elsewhere

Re: Secure login only, not rest of app

2009-11-09 Thread Pid
On 09/11/2009 22:33, Robert Denison wrote: Hi all, I am trying to set up my Tomcat webapp to be secure for login only. It works as you'd expect if the security-constraint for /* is unsecure, and if I make it secure (using CONFIDENTIAL) for /*. However, if I try to make it secure only for the