Hello,
I keep reading about how tomcat 7 has the ability to have a war file
reference external content (i.e. a directory containing images) outside
of the war file.
Can someone point me to the documentation of this feature?
thanks,
Mike
-
On 5/17/2011 5:46 AM, Mark Thomas wrote:
CVE-2011-1582 Apache Tomcat security constraint bypass
Description:
An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that
security constraints configured via annotations were ignored on the
first request to a Servlet. Subsequent requests were s
Hello,
I have a java webapp that is going to make calls to Solr. Both the
webapp and Solr will be on the same server.
I have heard that it is not recommended to run the webapp on the same
tomcat instance as Solr, due to potential threading issues of tomcat
calling into itself.
Would it be
On 3/8/2011 7:47 AM, Mark Thomas wrote:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.10
Does this fix the bug where @ServletSecurity annotations are ignored?
I did not see that fix in the release notes, and I thought it was going
to be included in this rel
On 3/2/2011 8:49 AM, Mark Thomas wrote:
As reported on the users list [1], both Tomcat 7.0.8 and the latest
Tomcat 7 code from svn appear to ignore @ServletSecurity annotations.
Assuming this issue is confirmed, it may lead to authentication bypass
and information disclosure.
The exact details a
On 3/2/2011 4:12 AM, Mark Thomas wrote:
On 02/03/2011 06:54, Michael McCutcheon wrote:
I'm using Tomcat 7.0.8.
I have a servlet with a doGet method that has a @DenyAll annotation
applied to it.
However, when I run the servlet, it seems to make no difference, and
doGet is still called.
I
I'm using Tomcat 7.0.8.
I have a servlet with a doGet method that has a @DenyAll annotation
applied to it.
However, when I run the servlet, it seems to make no difference, and
doGet is still called.
It was my understanding that @DenyAll was supposed to prevent access to
the method on which
Does Tomcat 7.0.8 support the Servlet 3.0 security annotations?
@RolesAllowed
@DeclareRoles
@ServletSecurity
, etc.?
thanks,
Mike
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: u
I've got a simple problem where:
request.getQueryString() returns this:
"title%3Dtesttitle%26categoryAccessLabel%3Dtestcategoryaccesslabel%26valueAccessLabel%3DtestvalueAccessLabel"
but request.getParameter("title") returns null.
Am I missing something obvious?
Shouldn't it be returning 't
On 2/26/2011 10:43 PM, Michael McCutcheon wrote:
I've got a simple problem where:
request.getQueryString() returns this:
"title%3Dtesttitle%26categoryAccessLabel%3Dtestcategoryaccesslabel%26valueAccessLabel%3DtestvalueAccessLabel"
but request.getParameter("title&q
I've got a simple problem where:
request.getQueryString() returns this:
"title%3Dtesttitle%26categoryAccessLabel%3Dtestcategoryaccesslabel%26valueAccessLabel%3DtestvalueAccessLabel"
but request.getParameter("title") returns null.
Am I missing something obvious?
Shouldn't it be returning 'test
On 2/8/2011 11:46 AM, Mark Thomas wrote:
On 08/02/2011 07:41, Michael McCutcheon wrote:
Do I need something in web.xml?
Yes.
Or do I need to declare something special on the servlet that calls the
login method?
No.
Do I need a section? If so, What should it be populated
with?
Yes. I&#
Hello,
I'm attempting to setup my web app to authenticate via the new Servlet
3.0 HttpServletRequest.login method.
I have a JDBC realm set up in the context.xml in Netbeans 7. Now I'd
like to use the request.login method to authenticate against that realm.
The problem I'm having is that I
13 matches
Mail list logo
