RE: BASIC authentication problem in tomcat8.0.33

Many thanks Mark for all your valuable help. I have managed it working my customization by extending the class GenericPrinicipal. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, May 19, 2016 4:33 PM To: Tomcat Users List Subject: Re: BASIC authentication

Re: BASIC authentication problem in tomcat8.0.33

customization > point of view. > > Removing the default files'tomcat-users.txt' and 'tomcat-users.xsd' from > \config, will it make any difference? > > > > Thanks in advance > > > > -----Original Message- > > Fro

RE: BASIC authentication problem in tomcat8.0.33

: Wednesday, May 18, 2016 5:23 PM To: Tomcat Users List Subject: RE: BASIC authentication problem in tomcat8.0.33 This was typo in while writing mail. When I debug my customized code until it is returning the principal everything seems to be good from customization point of view. Removing the default

RE: BASIC authentication problem in tomcat8.0.33

fference? Thanks in advance -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, May 18, 2016 5:18 PM To: Tomcat Users List Subject: Re: BASIC authentication problem in tomcat8.0.33 On 18/05/2016 12:47, Mark Thomas wrote: > On 18/05/2016 11:07, Venkata Reddy

Re: BASIC authentication problem in tomcat8.0.33

On 18/05/2016 12:47, Mark Thomas wrote: > On 18/05/2016 11:07, Venkata Reddy P wrote: >> Hi, >> >> I have been using the "BASIC authentication" from the tomcat3.x onwards, >> unfortunately after migrating to tomcat8.0.33 it is broken. > > BASIC au

Re: BASIC authentication problem in tomcat8.0.33

On 18/05/2016 11:07, Venkata Reddy P wrote: > Hi, > > I have been using the "BASIC authentication" from the tomcat3.x onwards, > unfortunately after migrating to tomcat8.0.33 it is broken. BASIC auth works for me with a clean 8.0.33 install. Therefore this looks like a pr

BASIC authentication problem in tomcat8.0.33

Hi, I have been using the "BASIC authentication" from the tomcat3.x onwards, unfortunately after migrating to tomcat8.0.33 it is broken. Could you please help on this what is going wrong? Step1)---Realm customization The customized classes are:-

Re: Basic Authentication

On 4/14/2016 7:45 AM, King Kenneth wrote: > All, > > Please provide an example of how to set a web application to BASIC within the > web.xml file. > > Thanks, > > Kenneth King Jr. > Booz l Allen l Hamilton > Office (202) 317-5593 > Cell (203) 450-7941 Please read the appropriate servlet specif

Re: Basic Authentication

Have you already googled for "tomcat basic authentication"? Which of the numerous instructions did you have problems with? What nature were they? Am 14.04.2016 um 16:45 schrieb King Kenneth: > All, > > Please provide an example of how to set a web application to BASIC within

Basic Authentication

All, Please provide an example of how to set a web application to BASIC within the web.xml file. Thanks, Kenneth King Jr. Booz l Allen l Hamilton Office (202) 317-5593 Cell (203) 450-7941

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

> I am sorry this code was in the web.xml NOT server.xml >> From: Michela, Andrew J (LABOR) [mailto:andrew.mich...@labor.ny.gov] >> Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20 > >> I have that in the server.xml(see below) still no luck. >&g

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

iginal Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Friday, February 17, 2012 11:07 AM > To: Tomcat Users List > Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20 > >> From: Michela, Andrew J (LABOR) [mailto:andr

RE: Basic Authentication Valve not hitting on Tomcat7.0.20

I am sorry this code was in the web.xml NOT server.xml -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, February 17, 2012 11:07 AM To: Tomcat Users List Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20 > From: Mich

RE: Basic Authentication Valve not hitting on Tomcat7.0.20

> From: Michela, Andrew J (LABOR) [mailto:andrew.mich...@labor.ny.gov] > Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20 > I have that in the server.xml(see below) still no luck. > ??? Please read the servlet spec and the Tomcat doc, and show us where the

RE: Basic Authentication Valve not hitting on Tomcat7.0.20

AM To: Tomcat Users List Subject: Re: Basic Authentication Valve not hitting on Tomcat7.0.20 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 2/16/12 2:28 PM, Michela, Andrew J (LABOR) wrote: > I have that in the server.xml still no luck You have *what* in server.xml, and what does

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 2/16/12 2:28 PM, Michela, Andrew J (LABOR) wrote: > I have that in the server.xml still no luck You have *what* in server.xml, and what does "no luck" mean? Did you reply to the wrong thread? - -chris -BEGIN PGP SIGNATURE- Versi

RE: Basic Authentication Valve not hitting on Tomcat7.0.20

List Subject: Re: Basic Authentication Valve not hitting on Tomcat7.0.20 2012/2/16 Christopher Schultz : > > On 2/16/12 8:26 AM, Sachin Mehrotra wrote: >> BASIC My App >> Realm > > I believe if you set to BASIC, Tomcat will add its own > Valve to the valve chain. If

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

2012/2/16 Christopher Schultz : > > On 2/16/12 8:26 AM, Sachin Mehrotra wrote: >> BASIC My App >> Realm > > I believe if you set to BASIC, Tomcat will add its own > Valve to the valve chain. If you don't set the here but > still add your to context.xml, does that improve things? > IIRC Tomcat

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sachin, On 2/16/12 8:26 AM, Sachin Mehrotra wrote: > BASIC My App > Realm I believe if you set to BASIC, Tomcat will add its own Valve to the valve chain. If you don't set the here but still add your to context.xml, does that improve things? -

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

> > > CONFIDENTIAL > > > > > BASIC > My App Realm > Does BASIC authentication happen at all, or is this config ignored? > In context.xml inside META-I

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

cation context.xml like files. Thanks Sachin On 2/16/12, Pid wrote: > On 16/02/2012 12:30, Sachin Mehrotra wrote: >> Hi >> >> After upgrade from Tomcat 6 to Tomcat 7.0.20, our Basic Authentication >> valve is not hitting. It seems it is overlooking our implemen

Re: Basic Authentication Valve not hitting on Tomcat7.0.20

On 16/02/2012 12:30, Sachin Mehrotra wrote: > Hi > > After upgrade from Tomcat 6 to Tomcat 7.0.20, our Basic Authentication > valve is not hitting. It seems it is overlooking our implementation of > Basic Authentication. > Below is the implementation: > We are havin

Basic Authentication Valve not hitting on Tomcat7.0.20

Hi After upgrade from Tomcat 6 to Tomcat 7.0.20, our Basic Authentication valve is not hitting. It seems it is overlooking our implementation of Basic Authentication. Below is the implementation: We are having Realm that is doing authentication using our authentication server. Before that we are

Re: combination of RemoteAddrValve und basic authentication

Hi Chris, but "allows" is part of RequestFilterValve. Not in the current trunk. Your code expects the "allows" variable to be of type String[], and no such variable exists in RequestFilterValve. Right: the point of the RequestFilterValve is that you don't have to override the process() meth

Re: combination of RemoteAddrValve und basic authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Remon, On 10/19/2011 12:23 PM, Remon Sadikni wrote: > Hi Chris, >> >> If you overrode the process() method (and I'm sure you changed >> other things, too, since the variable "allows" is not part of >> RequestFilterValve), then you really aren't gett

Re: combination of RemoteAddrValve und basic authentication

Hi Chris, If you overrode the process() method (and I'm sure you changed other things, too, since the variable "allows" is not part of RequestFilterValve), then you really aren't getting anything by extending RequestFilterValve. but "allows" is part of RequestFilterValve. I only extended this

Re: combination of RemoteAddrValve und basic authentication

null, "USER", "PASS", roles); // set the > principal in this request request.setUserPrincipal(principal); } } > // pass this request to the next valve (basic authentication) > getNext().invoke(request, response); return; If you overrode the process() method (and I

Re: combination of RemoteAddrValve und basic authentication

Hi André, hi Christopher, The use of HTTP BASIC authentication confuses things here because of the credential transfer mechanism (HTTP headers). I suppose you could write a Valve that sniffs the user's IP address and then adds HTTP headers to the request for the "Authentication&

Re: combination of RemoteAddrValve und basic authentication

Hi Christopher, You should probably extend ValveBase so you don't have to implement all the silly management methods. http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/ValveBase.html This will let you implement only the important method: invoke(). ok, I will try

Re: combination of RemoteAddrValve und basic authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 9/27/2011 7:40 AM, André Warnier wrote: > The reason why I was mentioning further complexity for the Valve > solution, is that as far as I know, the HttpServletRequest object > is "immutable" (iow read-only), as it is received. For the mos

Re: combination of RemoteAddrValve und basic authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Remon, On 9/27/2011 5:14 AM, Remon Sadikni wrote: > Hi André, hi Christopher, > > thanks for your answers. >> >> The use of HTTP BASIC authentication confuses things here because >> of the credential transfer mechanis

Re: combination of RemoteAddrValve und basic authentication

Remon Sadikni wrote: Hi André, hi Christopher, thanks for your answers. The use of HTTP BASIC authentication confuses things here because of the credential transfer mechanism (HTTP headers). I suppose you could write a Valve that sniffs the user's IP address and then adds HTTP headers t

Re: combination of RemoteAddrValve und basic authentication

Hi André, hi Christopher, thanks for your answers. The use of HTTP BASIC authentication confuses things here because of the credential transfer mechanism (HTTP headers). I suppose you could write a Valve that sniffs the user's IP address and then adds HTTP headers to the request fo

Re: combination of RemoteAddrValve und basic authentication

ve you access to the HttpServletRequest and therefore you can't sniff the IP address. :( The use of HTTP BASIC authentication confuses things here because of the credential transfer mechanism (HTTP headers). I suppose you could write a Valve that sniffs the user's IP address and then add

Re: [partially OT] combination of RemoteAddrValve und basic authentication

Remon Sadikni wrote: Dear Tomcat developers and users, I managed to restrict a web application by IP-adress with RemoteAddrValve and to restrict another one by basic authentication. Now I would like to restrict the same web application by both methods: - If the user is inside a specific

Re: combination of RemoteAddrValve und basic authentication

Remon Sadikni wrote: Dear Tomcat developers and users, I managed to restrict a web application by IP-adress with RemoteAddrValve and to restrict another one by basic authentication. Now I would like to restrict the same web application by both methods: - If the user is inside a specific

combination of RemoteAddrValve und basic authentication

Dear Tomcat developers and users, I managed to restrict a web application by IP-adress with RemoteAddrValve and to restrict another one by basic authentication. Now I would like to restrict the same web application by both methods: - If the user is inside a specific network (e.g. 134.134

Re: Configuring Tomcat 6 to use basic authentication only on https connectors

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerhard, On 3/24/2011 1:49 PM, Gaugusch, Gerhard wrote: > is there a way to configure tomcat 6 to use basic authentication only > on https connectors? I know that it is possible to define in each > deployed application via web.xml to allow o

Re: Question about BASIC Authentication

seen other websites >>> run on what looks to be BASIC Authentication without popping these browser >>> messages when leaving secured sections. >> >> Most websites use HTTP AUTH consistently, at least for a particular URL >> prefix. >> >>> See the htt

Re: Question about BASIC Authentication

; Matthew, >> >> On 6/30/2010 8:20 PM, Matthew Mauriello wrote: >>> The behavior seems rather strange to me in fact, I've seen other >>> websites >>> run on what looks to be BASIC Authentication without popping these >>> browser >>> mes

Re: Question about BASIC Authentication

On 01/07/2010 02:30, Christopher Schultz wrote: > Matthew, > > On 6/30/2010 8:20 PM, Matthew Mauriello wrote: >> The behavior seems rather strange to me in fact, I've seen other websites >> run on what looks to be BASIC Authentication without popping these browser >&g

RE: Question about BASIC Authentication

> From: Matthew Mauriello [mailto:mm578...@albany.edu] > Subject: Re: Question about BASIC Authentication > > how do websites grant access to public sites and secure > certain sections? By using the servlet-spec defined mechanisms with a for the protected areas. > Or

Re: Question about BASIC Authentication

---BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Matthew, > > On 6/30/2010 8:20 PM, Matthew Mauriello wrote: >> The behavior seems rather strange to me in fact, I've seen other >> websites >> run on what looks to be BASIC Authentication without popping the

Re: Question about BASIC Authentication

gt; On 6/30/2010 8:20 PM, Matthew Mauriello wrote: >> The behavior seems rather strange to me in fact, I've seen other >> websites >> run on what looks to be BASIC Authentication without popping these >> browser >> messages when leaving secured sections. > &g

Re: Question about BASIC Authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew, On 6/30/2010 8:20 PM, Matthew Mauriello wrote: > The behavior seems rather strange to me in fact, I've seen other websites > run on what looks to be BASIC Authentication without popping these browser > messages when leaving se

Re: Question about BASIC Authentication

Christopher, The behavior seems rather strange to me in fact, I've seen other websites run on what looks to be BASIC Authentication without popping these browser messages when leaving secured sections. See the http://user:passw...@website.com/SOLR is only used once and it might actually be

Re: Question about BASIC Authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew, On 6/30/2010 12:07 AM, Matthew Mauriello wrote: > I have two directories in 'webapps' other than ROOT. ROOT redirects users > to webappA. WebappA does not use tomcat's basic authentication but if you > log into t

Re: Question about BASIC Authentication

Christopher, Thanks for the response. I have two directories in 'webapps' other than ROOT. ROOT redirects users to webappA. WebappA does not use tomcat's basic authentication but if you log into the application there are links inside it that sends the user to the SOLR

Re: Question about BASIC Authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt, On 6/29/2010 5:57 PM, Matthew Mauriello wrote: > I am having a minor problem related to Tomcat's BASIC Authentication setup. > > A user access my custom web application in the 'webapps' folder which is > accessibl

Question about BASIC Authentication

Hello, I am having a minor problem related to Tomcat's BASIC Authentication setup. A user access my custom web application in the 'webapps' folder which is accessible to everyone in a separate sub folder. I have another 'webapps' sub folder for SOLR which is secured wit

Re: BASIC Authentication : Not working

2010/3/28 Binu Kuttikkattu Idicula : > It is in corejspbean.war and after trying out > /StringBean.jsp, the access is restricted only to > the StringBean.jsp which was the real need. Thanks. > > A little curious about URL pattern if it is in webapps/corejspbean.. Does > the pattern change? Is there

Re: BASIC Authentication : Not working

It is in corejspbean.war and after trying out /StringBean.jsp, the access is restricted only to the StringBean.jsp which was the real need. Thanks. A little curious about URL pattern if it is in webapps/corejspbean.. Does the pattern change? Is there any rule/documentation mentioing this? On Sun,

Re: BASIC Authentication : Not working

2010/3/28 Binu Kuttikkattu Idicula : > The exact URL which I access is > http://localhost:8080/corejspbean/StringBean.jsp . How do I define a > URLPattern for this? /StringBean.jsp I suppose that your application is "corejspbean.war" or is in webapps/corejspbean -

Re: BASIC Authentication : Not working

ards, > Harry > > 2010/3/28 Binu Kuttikkattu Idicula > > > > Hi, > > >I was trying a very basic example of authentication using HTTP Basic > > > Authentication. However this seems not working in TOMCAT 6.0.20 for my > > > application. Here i

Re: BASIC Authentication : Not working

gt; > Hi, > >I was trying a very basic example of authentication using HTTP Basic > > Authentication. However this seems not working in TOMCAT 6.0.20 for my > > application. Here is the web.xml which tells about login > > > > > > > > > >

Re: BASIC Authentication : Not working

> Hi, >I was trying a very basic example of authentication using HTTP Basic > Authentication. However this seems not working in TOMCAT 6.0.20 for my > application. Here is the web.xml which tells about login > > > > > application > > > > > > &

Re: [OT] Basic Authentication Failed with multibyte username

instance. > So there are only 2 choices possible : > > 1) the rules specify that the base64-decoded "userid:password" > string is always encoded using one specific charset. In the case of > HTTP, this would have to be iso-8859-1. > (And in that case, HTTP Basic Authenti

Re: [OT] Basic Authentication Failed with multibyte username

e64-decoded "userid:password" string is always encoded using one specific charset. In the case of HTTP, this would have to be iso-8859-1. (And in that case, HTTP Basic Authentication does not allow for non-iso-8859-1 userid's and passwords, and too bad for 80% of the world population)

Re: [OT] Basic Authentication Failed with multibyte username

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, (Marking OT because, well... just because). On 1/22/2010 2:59 PM, Warnier wrote: > Christopher Schultz wrote: >> That "authorization.getBytes()" is just asking for trouble, because it >> uses the platform default encoding to convert characters

Re: Basic Authentication Failed with multibyte username

Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 1/21/2010 6:35 PM, André Warnier wrote: Basically, I would tend to say that if the server knows who the clients are and vice-versa, you should be free to use any encoding you want, with the limitation that what

Re: Basic Authentication Failed with multibyte username

ch means it cannot be overridden by a subclass, which would be a nice feature. Maybe I'll fix all that. :) > Or, you drop the container-managed security, and you use something like > the SecurityFilter (http://securityfilter.sourceforge.net/), but read > the homepage carefully fi

Re: Basic Authentication Failed with multibyte username

To get back to the underlying issue : Auth Gábor wrote: So... this is the real chaos... :) Yes. By the way, my users are not use HTML browsers, they are using JAX-WS in their client program, and the JAX-WS sends authentication data in UTF-8 (like Opera), because the default encoding is U

Re: Basic Authentication Failed with multibyte username

Christopher Schultz wrote: ... Nice that someone looked at actual behavior of the browsers. There is an easy way to find out what really happens. Gábor, I presume that you have a workstation set for iso-8859-2 (or whichever non iso-8859-1 charset is appropriate for Magyar, I forgot), and a b

Re: Basic Authentication Failed with multibyte username

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gábor, On 1/21/2010 9:16 AM, Auth Gábor wrote: > Mark Thomas wrote: >>OCTET = >>CTL= > (octets 0 - 31) and DEL (127)> >> >> So actually, Tomcat is correct in the current treatment of creden

Re: Basic Authentication Failed with multibyte username

Hi, Mark Thomas wrote: >OCTET = >CTL= (octets 0 - 31) and DEL (127)> > > So actually, Tomcat is correct in the current treatment of credentials. > Therefore, not a bug. Yes, but the UTF-8 encoded text is contains any 8-bit sequence o

Re: Basic Authentication Failed with multibyte username

Mark Thomas wrote: On 21/01/2010 06:55, André Warnier wrote: Mark Thomas wrote: The authorisation header is base64 encoded so it is automatically compliant with RFC2616. Yes, it sounds like you're right; my mistake. (Also for Gabor, I admit my mistake.) I agree that the HTTP header itself is

Re: Basic Authentication Failed with multibyte username

On 21/01/2010 06:55, André Warnier wrote: > Mark Thomas wrote: >> The authorisation header is base64 >> encoded so it is automatically compliant with RFC2616. >> > Yes, it sounds like you're right; my mistake. > (Also for Gabor, I admit my mistake.) > > I agree that the HTTP header itself is corre

Re: Basic Authentication Failed with multibyte username

Mark Thomas wrote: On 21/01/2010 06:12, André Warnier wrote: Auth Gábor wrote: Hi, I've found a potential bug in the Basic Authentication module. I have users and some user's username is contains national characters (encoded in UTF-8). The HTTP header based authentication is fail

Re: Basic Authentication Failed with multibyte username

On 21/01/2010 06:12, André Warnier wrote: > Auth Gábor wrote: >> Hi, >> >> I've found a potential bug in the Basic Authentication module. I have >> users and some user's username is contains national characters >> (encoded in UTF-8). The HTTP heade

Re: Basic Authentication Failed with multibyte username

Hi, André Warnier wrote: >> I've found a potential bug in the Basic Authentication module. I have >> users and some user's username is contains national characters (encoded >> in UTF-8). The HTTP header based authentication is fails when the >> username

Re: Basic Authentication Failed with multibyte username

On 21/01/2010 05:54, Auth Gábor wrote: > Hi, > > I've found a potential bug in the Basic Authentication module. I have users > and some user's username is contains national characters (encoded in UTF-8). > The HTTP header based authentication is fails when the us

Re: Basic Authentication Failed with multibyte username

Auth Gábor wrote: Hi, I've found a potential bug in the Basic Authentication module. I have users and some user's username is contains national characters (encoded in UTF-8). The HTTP header based authentication is fails when the username or the password contains multibyte charact

Basic Authentication Failed with multibyte username

Hi, I've found a potential bug in the Basic Authentication module. I have users and some user's username is contains national characters (encoded in UTF-8). The HTTP header based authentication is fails when the username or the password contains multibyte characters. The root of

RE: Tomcat subdirectories BASIC authentication

pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Sun, 16 Aug 2009 10:59:22 +0200 > Subject: Re: Tomcat subdirectories BASIC authent

Re: Tomcat subdirectories BASIC authentication

Well, i've solved the problem. The problem was that the css style documents are in a subdirectories which user_2 didn't has the access. Adding the permission to user_2, pages are correctly displayed after BASIC authentication :) 2009/8/16 Gabriele Fatigati : > Hi Martin, > in th

Re: Tomcat subdirectories BASIC authentication

t; n'importe quel effet légalement obligatoire. Étant donné que les email > peuvent facilement être sujets à la manipulation, nous ne pouvons accepter > aucune responsabilité pour le contenu fourni. > > > > >> Date: Sat, 15 Aug 2009 19:56:18 +0200 >> Subject: Re:

Re: Tomcat subdirectories BASIC authentication

2009/8/15 Gabriele Fatigati : >> >>>> Bad reference to the css maybe? >>>> >>> Yes, to the css. >>> >>> 2009/8/15 Mark Thomas : >>> >>>> Gabriele Fatigati wrote: >>>> >>>&g

RE: Tomcat subdirectories BASIC authentication

> From: Martin Gainty [mailto:mgai...@hotmail.com] > Subject: RE: Tomcat subdirectories BASIC authentication > > could you read the servlet 3.0 spec at > http://jcp.org/aboutJava/communityprocess/pr/jsr315/index.html The servlet 3.0 spec is not appropriate; it's not approved

RE: Tomcat subdirectories BASIC authentication

Mark Thomas : > >>> Gabriele Fatigati wrote: > >>>> Well, > >>>> now i can authenticate subdirectories. But for some strange reason, > >>>> web pages, after BASIC authentication has very bad layout! I attached > >>>> an exam

Re: Tomcat subdirectories BASIC authentication

Gabriele Fatigati wrote: > Dear Marc, > My question was referred to css problem.. > After BASIC authentication, sometimes page layout is wrong. So, how > can avoid this? > > Your suggested me that maybe there are wrong css link in source pages. > I've checked and are co

Re: Tomcat subdirectories BASIC authentication

Dear Marc, My question was referred to css problem.. After BASIC authentication, sometimes page layout is wrong. So, how can avoid this? Your suggested me that maybe there are wrong css link in source pages. I've checked and are correct. 2009/8/15 Mark Thomas : > Gabriele Fatigati wrote

Re: Tomcat subdirectories BASIC authentication

Gabriele Fatigati wrote: > And very very strage, with user_1 pages has correct layout, with user 2 no! I think you need to read this. http://catb.org/~esr/faqs/smart-questions.html Mark > 2009/8/15 Gabriele Fatigati : >> Mm, >> there are css link in the source of the page. But i've checked and i

Re: Tomcat subdirectories BASIC authentication

: >>> Bad reference to the css maybe? >> >> Yes, to the css. >> >> 2009/8/15 Mark Thomas : >>> Gabriele Fatigati wrote: >>>> Well, >>>> now i can authenticate subdirectories. But for some strange reason, >>>> web pages, aft

Re: Tomcat subdirectories BASIC authentication

rote: >>> Well, >>> now i can authenticate subdirectories. But for some strange reason, >>> web pages, after BASIC authentication has very bad layout! I attached >>> an example. >> >> Attachments are blocked on this list so no-one can see your example. >

Re: Tomcat subdirectories BASIC authentication

> Bad reference to the css maybe? Yes, to the css. 2009/8/15 Mark Thomas : > Gabriele Fatigati wrote: >> Well, >> now i can authenticate subdirectories. But for some strange reason, >> web pages, after BASIC authentication has very bad layout! I attached >> a

Re: Tomcat subdirectories BASIC authentication

Gabriele Fatigati wrote: > Well, > now i can authenticate subdirectories. But for some strange reason, > web pages, after BASIC authentication has very bad layout! I attached > an example. Attachments are blocked on this list so no-one can see your example. > Why? Bad reference t

Re: Tomcat subdirectories BASIC authentication

Well, now i can authenticate subdirectories. But for some strange reason, web pages, after BASIC authentication has very bad layout! I attached an example. Why? 2009/8/15 David Smith : > Mark Thomas wrote: >> Gabriele Fatigati wrote: >> >>> I kow what is tag , but simpl

Re: Tomcat subdirectories BASIC authentication

Mark Thomas wrote: > Gabriele Fatigati wrote: > >> I kow what is tag , but simply i don't understand how i >> have to write security coinstraints. >> > > But you clearly don't know what a context path is. Read the servlet > spec. It explains this. > > >> You told me: >> >> "you don't ne

Re: Tomcat subdirectories BASIC authentication

Martin Gainty wrote: > if the proposed solution is not conformant to spec There is a spec compliant solution to the OPs question... > or is not a TC solution ...and Tomcat supports that spec compliant solution. > yelling at the op or anyone else Whose yelling? I don't see any shouting on this

RE: Tomcat subdirectories BASIC authentication

> From: gabriele.fatig...@gmail.com [mailto:gabriele.fatig...@gmail.com] > On Behalf Of Gabriele Fatigati > Subject: Re: Tomcat subdirectories BASIC authentication > > I kow what is tag , but simply i don't understand how i > have to write security coinstraints. As

RE: Tomcat subdirectories BASIC authentication

15 Aug 2009 13:04:02 +0100 > From: ma...@apache.org > To: users@tomcat.apache.org > Subject: Re: Tomcat subdirectories BASIC authentication > > Martin Gainty wrote: > > As we are learning > > There are some things that Tomcat can do and > > some things Tomcat cannot do >

Re: Tomcat subdirectories BASIC authentication

Martin Gainty wrote: > As we are learning > There are some things that Tomcat can do and > some things Tomcat cannot do There are may things you can't do with Tomcat. However, Tomcat can do this. > if you want to look at how other webappservers accomplish url-pattern and > security-constraint re

RE: Tomcat subdirectories BASIC authentication

; From: ma...@apache.org > To: users@tomcat.apache.org > Subject: Re: Tomcat subdirectories BASIC authentication > > Gabriele Fatigati wrote: > > I kow what is tag , but simply i don't understand how i > > have to write security coinstraints. > > But you clearly

Re: Tomcat subdirectories BASIC authentication

Gabriele Fatigati wrote: > I kow what is tag , but simply i don't understand how i > have to write security coinstraints. But you clearly don't know what a context path is. Read the servlet spec. It explains this. > You told me: > > "you don't need to include the context path in the elements"

Re: Tomcat subdirectories BASIC authentication

I kow what is tag , but simply i don't understand how i have to write security coinstraints. You told me: "you don't need to include the context path in the elements" And i renew my question :), What i have to write in in this specific case? 2009/8/15 Mark Thomas : > Gabriele Fatigati

Re: Tomcat subdirectories BASIC authentication

Gabriele Fatigati wrote: > Hi Mark, thanks for your reply. > But i didn't understarnd what you said. Where i have to define that > user_2 can access only in subdir_1? Can you give me an example? If you don't understand terms I used, you really need to read the servlet specification. Mark > > 20

Re: Tomcat subdirectories BASIC authentication

Hi Mark, thanks for your reply. But i didn't understarnd what you said. Where i have to define that user_2 can access only in subdir_1? Can you give me an example? 2009/8/15 Mark Thomas : > Gabriele Fatigati wrote: >> Wehere is a mistake? > > You don't need to include the context path in the elem

Re: Tomcat subdirectories BASIC authentication

Gabriele Fatigati wrote: > Wehere is a mistake? You don't need to include the context path in the elements. > Is it possible to do this in Tomcat 5.5? This is possible in all Tomcat versions. Mark - To unsubscribe, e-mail:

Tomcat subdirectories BASIC authentication

Dear Tomcat users, i would ask you if is it possibile in Tomcat 5.5 to protect subdirectories of my deployed application. I'll explain an example. Suppose i have deployed my app in /application. This application has two subdirectories, subdir_1, subdir_2, but only in the url not in the file system

Re: Basic authentication without a secure connection

There's one thing you may do: implement an authentication web service on tomcat's side. Make a wsdl service running on it accepting request on whether given encrypted session id is a valid one, service does check either a running session use that id and simply replies OK or KO. But that means imple

  1   2   >