Consultation on disabling insecure HTTP requests in Tomcat
Hi Tomcat Experts:

I'm looking for a solution to disable the Tomcat * OPTIONS request, but upon checking the source code, it seems that it is directly defined in the code. Is there a configuration provided to disable it? Attached are the questions and the source code found.

2460873257
2460873...@qq.com
Re: Consultation on disabling insecure HTTP requests in Tomcat
On 18/01/2024 09:22, 2460873257 wrote:
> Hi Tomcat Experts:
> I'm looking for a solution to disable the Tomcat * OPTIONS request,

Why?

> but upon checking the source code, it seems that it is directly defined in the code. Is there a configuration provided to disable it?

No.

> Attached are the questions and the source code found

Attachments are removed automatically. Please use plain text.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Consultation on disabling insecure HTTP requests in Tomcat
Mark, etc.,

On 1/18/24 05:10, Mark Thomas wrote:
> On 18/01/2024 09:22, 2460873257 wrote:
>> Hi Tomcat Experts:
>> I'm looking for a solution to disable the Tomcat * OPTIONS request,
>
> Why?

+1

What's wrong with OPTIONS requests? They allow some basic security checks to succeed and should not be disabled. If you disable them, CORS will fail all over the place.

-chris
Getting Two times login page issue.
Hello Team,

We are facing an issue with the Tomcat application login URL, where it is asking twice for login to the user. With the first login it will redirect again to the login page, while on re-entering the credentials it is successful (with the second attempt it is working) and the user will be redirected to the next page. This issue we have encountered after a datacenter migration for the Tomcat server on the Test region. The servers were cloned from the original server to the new datacenter servers. We had manually updated the new IP address in the configuration files related to the new servers, but in testing we are encountering this issue.

We had 2 servers on the Test region which are load balanced, where 1 server is working fine (with the other server shut down), no issue with the login page on this server, while the issue is happening on the other server.

The application login page resides on the Lotus Domino server and authentication happens on the Domino side, and then it redirects the request to the Apache and Tomcat servers.

Please suggest on this issue.

Thanks,
Mohit
Re: Getting Two times login page issue.
On Thu, Jan 18, 2024 at 8:08 PM Chaudhary, Mohit wrote:

> Hello Team,
>
> We are facing an issue with the Tomcat application login URL, where it is
> asking twice for login to the user. With the first login it will redirect
> again to the login page, while on re-entering the credentials it is
> successful (with the second attempt it is working) and the user will be
> redirected to the next page. This issue we have encountered after a
> datacenter migration for the Tomcat server on the Test region. The servers
> were cloned from the original server to the new datacenter servers. We had
> manually updated the new IP address in the configuration files related to
> the new servers, but in testing we are encountering this issue.
>

You haven't really indicated how this is a Tomcat issue. This sounds like it's either an application issue or a Lotus Domino SSO issue. However, I will ask some questions that may point you in the right direction.

Is the application dependent on Tomcat's JSession? If so, when does it determine the userPrincipal? If not, then it's an application issue.

How is this SSO set up? Header based? Cookie based? Agent based session? Is Tomcat responsible for connecting to the userstore to determine who the user is? This would be done via a realm.

> We had 2 servers on the Test region which are load balanced, where 1 server
> is working fine (with the other server shut down), no issue with the login
> page on this server, while the issue is happening on the other server.
>

So are you saying it works fine with 1 server and doesn't when 2 are running? Are you sure it's not a load balancing issue? How does your application handle sessions? Does it replicate them? Does the application use Affinity to keep the user going to the same server through the LB?

>
> The application login page resides on the Lotus Domino server and
> authentication happens on the Domino side, and then it redirects the
> request to the Apache and Tomcat servers.
> Please suggest on this issue.
>

There are a lot of different things that can go wrong here and most of them are not Tomcat related.

>
> Thanks,
> Mohit
>

--
Thanks,
Brian Wolfe
https://www.linkedin.com/in/brian-wolfe-3136425a/