Re: Tomcat connector for IIS, are user groups passed along?

2011-10-12 Thread Marcel Stör
On 13.10.2011 00:14, chris derham wrote: - it would probably require serious coding changes to do it (notably because in the AJP protocol, there is no attribute or packet type foreseen to pass such information per se) - and there are some conceptual issues linked to this, essentially because the

Re: Tomcat connector for IIS, are user groups passed along?

2011-10-12 Thread Marcel Stör
On 12.10.2011 22:47, André Warnier wrote: Marcel Stör wrote: Scenario: use Integrated Windows Security (Kerberos/NTLM) for the site in IIS that delegates to Tomcat. Question: would the ISAPI connector be able to pass the Active Directory groups (i.e. user's membership info) along to Tomcat in t

Re: Problems with mod_jk 1.2.31

2011-10-12 Thread Jorge Medina
and another piece of information: Tomcat and Apache are running in the same machine. On Thu, Oct 13, 2011 at 12:24 AM, Jorge Medina wrote: > Correcting some information: > I am using Apache 2.2.13, mod_jk 1.2.30, Tomcat 6.0.32 > > On Thu, Oct 13, 2011 at 12:16 AM, Jorge Medina > wrote: >> I have

Re: SingleSignonValve and webapp session timeout

2011-10-12 Thread Konstantin Kolinko
2011/10/12 Brian Burch : > > OK, it now all makes some kind of sense. I've discovered that the Session > associated with the second webapp is never being associated with the SSO > instance created by the first webapp. However, the weird thing is that the > protected resources of the second webapp a

Re: Problems with mod_jk 1.2.31

2011-10-12 Thread Jorge Medina
Correcting some information: I am using Apache 2.2.13, mod_jk 1.2.30, Tomcat 6.0.32 On Thu, Oct 13, 2011 at 12:16 AM, Jorge Medina wrote: > I have Apache (2.2.20) in front of a single Tomcat (6.0.32) instance > using mod_jk (1.2.31) with the AJP protocol. > I am getting errors like the sample bel

Problems with mod_jk 1.2.31

2011-10-12 Thread Jorge Medina
I have Apache (2.2.20) in front of a single Tomcat (6.0.32) instance using mod_jk (1.2.31) with the AJP protocol. I am getting errors like the sample below frequently (a few hundred times a day). The server does not have a heavy load, it serves about 150 req/minute and average response time of 200

Re: Pound Signs in Context/Paths

2011-10-12 Thread Konstantin Kolinko
2011/10/12 André Warnier : > Hi. > > [OT] How do you manage to send the text of your messages in > "quoted-printable" form ? > > > Richard W. Adams wrote: >> >> My Tomcat Version: 6.0.18.0 (running under Jboss) >> >> I'm trying to understand the script we use to deploy to our Tomcat server. >> = >>

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
Well, it seems that using a no cache filter works for Chrome, Firefox and IE. But Opera and Safari don't obey the rules at all. -Original Message- From: cjder...@gmail.com [mailto:cjder...@gmail.com] On Behalf Of chris derham Sent: 12 Oct 2011 23 22 To: Tomcat Users List Subject: Re: Appli

Re: Application not logging out properly

2011-10-12 Thread chris derham
>> Then they're going to be available in the browser cache until the >> browser chooses to discard them. You can't have it both ways. > >The OP could set expires headers that are relatively short-lived. That >way, the client /should/ request a fresh page after, say, 30 minutes >or whatever the ses

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
Not HTTPS but it is worth me checking as you advise. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: 12 Oct 2011 23 16 To: Tomcat Users List Subject: RE: Application not logging out properly > From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subjec

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: RE: Application not logging out properly > But I can see these pages visited in the session just invalidated > by using the browser's back button after logging out. The session state is completely irrelevant - the browser knows noth

Re: Tomcat connector for IIS, are user groups passed along?

2011-10-12 Thread chris derham
> > - it would probably require serious coding changes to do it (notably > because in the AJP protocol, there is no attribute or packet type foreseen > to pass such information per se) > - and there are some conceptual issues linked to this, essentially because > the very notion of AD/NTLM "user g

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
Well, there's no intermediary: I'm seeing this in NetBeans 7.0.1 with AT 6.0.26. and if my NoCache_Filter contains this: // Force browser not to cache pages. HttpServletResponse hsr = (HttpServletResponse) response; hsr.setHeader("Cache-Control", "no-cache, n

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: RE: Application not logging out properly > But it doesn't explain why I can see the pages after session invalidation. It certainly does. If the browser (or some other intermediary) is caching the pages, they will be available for d

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
But I can see these pages visited in the session just invalidated by using the browser's back button after logging out. By other Tomcat applications, I mean other applications which have the same arrangements and run under 6.0.26. But when I log out from one of these, I can't see pages just vis

Re: Application not logging out properly

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 10/12/2011 6:01 PM, Martin O'Shea wrote: > I'm not disagreeing and have set a filter to this end. But it > doesn't explain why I can see the pages after session > invalidation. Your web browser has an on-disk cache. It's reading the files

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
I'm not disagreeing and have set a filter to this end. But it doesn't explain why I can see the pages after session invalidation. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 12 Oct 2011 22 59 To: Tomcat Users List Subject: Re: Application not

Re: Application not logging out properly

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 10/12/2011 5:58 PM, Martin O'Shea wrote: > This is true of the current application, but also true of the other > Tomcat applications I have. > > But the others don't seem to have this problem. Which others? > I know the sessions are inva

Re: Application not logging out properly

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 10/12/2011 5:30 PM, Caldarale, Charles R wrote: >> From: Martin O'Shea [mailto:app...@dsl.pipex.com] Subject: RE: >> Application not logging out properly > >> I would rather avoid forcing the browser to reload each page via >> the appropria

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
This is true of the current application, but also true of the other Tomcat applications I have. But the others don't seem to have this problem. I know the sessions are invalidating because if I try to do something on one of the pages visited in the session, the login page appears automatically.

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: RE: Application not logging out properly > I would rather avoid forcing the browser to reload each > page via the appropriate headers. Then they're going to be available in the browser cache until the browser chooses to discard th

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
I would rather avoid forcing the browser to reload each page via the appropriate headers. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: 12 Oct 2011 22 18 To: Tomcat Users List Subject: RE: Application not logging out properly > From: Martin O'Sh

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
I'm using form based authentication as follows: Login Name: Password:

Re: Application not logging out properly

2011-10-12 Thread André Warnier
Martin O'Shea wrote: Hello I'm using Apache Tomcat 6.0.26 for an application where the majority of the content is hidden behind a page requiring authenticated login. This appears to work fine but upon logout, I find I am able to browse back through some of the pages visited in the session.

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: Application not logging out properly > upon logout, I find I am able to browse back through some > of the pages visited in the session. Are you sure it's not the browser simply displaying previously cached pages? If so, then have

Application not logging out properly

2011-10-12 Thread Martin O'Shea
Hello I'm using Apache Tomcat 6.0.26 for an application where the majority of the content is hidden behind a page requiring authenticated login. This appears to work fine but upon logout, I find I am able to browse back through some of the pages visited in the session. As far as I'm aware,

Re: Tomcat connector for IIS, are user groups passed along?

2011-10-12 Thread André Warnier
Marcel Stör wrote: Scenario: use Integrated Windows Security (Kerberos/NTLM) for the site in IIS that delegates to Tomcat. Question: would the ISAPI connector be able to pass the Active Directory groups (i.e. user's membership info) along to Tomcat in the request? I am not the ultimate exper

Tomcat connector for IIS, are user groups passed along?

2011-10-12 Thread Marcel Stör
Scenario: use Integrated Windows Security (Kerberos/NTLM) for the site in IIS that delegates to Tomcat. Question: would the ISAPI connector be able to pass the Active Directory groups (i.e. user's membership info) along to Tomcat in the request? Question 2: if yes, could I call request.isUserIn

RE: manager trying to use JAASRealm vice tomcat-users.xml

2011-10-12 Thread Lund, Holly (CONTR)
Thanks Change to ?xml in tomcat-users.xml and uncommenting additional Realm config fixed issue Holly Lund EES, LLC, Contractor to the United States Department of Energy 1000 Independence Avenue, SW Washington, DC 20585 Phone:202-586-4431 Email:holly.l...@hq.doe.gov -Original Message

Re: SingleSignonValve and webapp session timeout

2011-10-12 Thread Brian Burch
On 12/10/11 12:35, Brian Burch wrote: I've successfully run a remote debugger session against the SingleSignOn Valve while it is handling my timeout scenario. Interestingly, the logic to handle the timeout of a single webapp is exactly as I wanted it to be... only the specific Session is removed

Re: manager trying to use JAASRealm vice tomcat-users.xml

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Holly, On 10/12/2011 12:50 PM, Lund, Holly (CONTR) wrote: > Uncommented the UserDatabaseRealm section Really? > Looks like it's still commented-out to me. > Oct 12, 2011 12:45:35 PM org.apache.catalina.realm.JAASRealm > setContainer INFO: Set JA

Re: SingleSignonValve and webapp session timeout

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 10/12/2011 8:53 AM, Brian Burch wrote: > My tomcat 6.0.28 compiled class for AuthenticatorBase does not > match the 6.0.33 source code I am debugging with. The SSO Valve is > pretty much the same. So get the source for 6.0.28: http://archi

Re: redirection error due to context path after JAAS authentication with mod_proxy

2011-10-12 Thread Brian Burch
On 12/10/11 17:51, Woonsan Ko wrote: One simple strong reason is that I don't want to run tomcat by root. The debian/ubuntu deb package installs tomcat6 so that it uses authbind to listen on ports < 1024, and it runs under its own non-root uid/gid. I was very impressed when I converted from t

Re: redirection error due to context path after JAAS authentication with mod_proxy

2011-10-12 Thread Pid
On 12/10/2011 17:51, Woonsan Ko wrote: > > - Original Message - >> From: André Warnier >> To: Tomcat Users List >> Cc: >> Sent: Wednesday, October 12, 2011 11:52 AM >> Subject: Re: redirection error due to context path after JAAS authentication >> with mod_proxy >> >> Woonsan Ko wrote:

Re: redirection error due to context path after JAAS authentication with mod_proxy

2011-10-12 Thread Woonsan Ko
- Original Message - > From: André Warnier > To: Tomcat Users List > Cc: > Sent: Wednesday, October 12, 2011 11:52 AM > Subject: Re: redirection error due to context path after JAAS authentication > with mod_proxy > > Woonsan Ko wrote: >> Hi, >> >> I have a reverse proxy configu

RE: manager trying to use JAASRealm vice tomcat-users.xml

2011-10-12 Thread Lund, Holly (CONTR)
Uncommented the UserDatabaseRealm section Server.xml file

RE: manager trying to use JAASRealm vice tomcat-users.xml

2011-10-12 Thread Caldarale, Charles R
> From: Lund, Holly (CONTR) [mailto:holly.l...@hq.doe.gov] > Subject: manager trying to use JAASRealm vice tomcat-users.xml > Tomcat 6.0.32 and java 1.6 on solaris 10 Good to know; thanks. > Uncommented the connector 8080 That's very odd, since that is not commented out in the standard serve

Re: Pound Signs in Context/Paths

2011-10-12 Thread André Warnier
Hi. [OT] How do you manage to send the text of your messages in "quoted-printable" form ? Richard W. Adams wrote: My Tomcat Version: 6.0.18.0 (running under Jboss) I'm trying to understand the script we use to deploy to our Tomcat server. The script uses pound signs (#) instead of slas

Re: redirection error due to context path after JAAS authentication with mod_proxy

2011-10-12 Thread André Warnier
Woonsan Ko wrote: Hi, I have a reverse proxy configuration like this: ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / If it is really like above, then why are

Re: Pound Signs in Context/Paths

2011-10-12 Thread Pid
On 12/10/2011 15:55, Richard W. Adams wrote: > My Tomcat Version: 6.0.18.0 (running under Jboss) That's old. > I'm trying to understand the script we use to deploy to our Tomcat server. > > The script uses pound signs (#) instead of slashes in the path to the WAR > file being deplo

Re: ssl handshake problem

2011-10-12 Thread André Warnier
Edward Quick wrote: Thanks for your reply Chris. No I'm not confident a restart would fix it. Having said that I haven't seen the ssl handshake problem since yesterday (which might be because the app hasn't tried the address yet) so waiting to see if it happens again. Unfortunately I don't hav

manager trying to use JAASRealm vice tomcat-users.xml

2011-10-12 Thread Lund, Holly (CONTR)
Tomcat 6.0.32 and java 1.6 on solaris 10 Uncommented the connector 8080 and changed port to 37799 (due to firewall constraints) added user for manager-gui and role for manager-gui in tomcat-users.xml When I try to log into manager get following error in catalina.out Oct 12, 2011

Pound Signs in Context/Paths

2011-10-12 Thread Richard W. Adams
My Tomcat Version: 6.0.18.0 (running under Jboss) I'm trying to understand the script we use to deploy to our Tomcat server. The script uses pound signs (#) instead of slashes in the path to the WAR file being deployed. Let me first be clear: The script works. What I DON'T understand

redirection error due to context path after JAAS authentication with mod_proxy

2011-10-12 Thread Woonsan Ko
Hi, I have a reverse proxy configuration like this: ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / And, I have a form-based login configuration for JAAS authenti

RE: ssl handshake problem

2011-10-12 Thread Edward Quick
Found out the reason for the ssl handshake error. The certificate chain was in the wrong order (being server certificate, Root CA, Intermediate, instead of server certificate, Intermediate, Root CA). -Original Message- From: Edward Quick [mailto:edward.qu...@iggroup.com] Sent: 12 Octobe

Re: SingleSignonValve and webapp session timeout

2011-10-12 Thread Brian Burch
On 12/10/11 12:51, Konstantin Kolinko wrote: Something becomes clearer. Remembering the session as associated with ssoid is performed by SingleSignOn.associate(..) method. This method is called by AuthenticatorBase class. Those webapps with long living sessions - are they protected by security

Re: SingleSignonValve and webapp session timeout

2011-10-12 Thread Konstantin Kolinko
2011/10/12 Brian Burch : > > I've successfully run a remote debugger session against the SingleSignOn > Valve while it is handling my timeout scenario. > > Interestingly, the logic to handle the timeout of a single webapp is exactly > as I wanted it to be... only the specific Session is removed fro

Re: SingleSignonValve and webapp session timeout

2011-10-12 Thread Brian Burch
On 11/10/11 22:24, Christopher Schultz wrote: I'm not an expert at SSO, nor have I ever used it on any of my projects. All my answers should be considered suspicious :) > So, it looks like the Valve should *not* be expiring your SSO when the "static" webapp's session expires. Can you confirm th

RE: ssl handshake problem

2011-10-12 Thread Edward Quick
Thanks for your reply Chris. No I'm not confident a restart would fix it. Having said that I haven't seen the ssl handshake problem since yesterday (which might be because the app hasn't tried the address yet) so waiting to see if it happens again. Unfortunately I don't have a way to invoke it.