You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Thomas Nybro Bolding <th...@danskebank.dk> on 2004/06/24 10:26:43 UTC

Vedr.: Re: tomcat 5.0.25 and windows 2003

If you going to integrate Tomcat with IIS 6.0 remember to put IIS into IIS 
5.0 isolation mode.

There are several documents describing the IIS-Tomcat integration process 
just Google for it! This one might be helpfull: 
http://virtualict.net/support/kb/iis6-Tomcat5-JK2.html

Best regards Thomas




zhicheng wang <wa...@yahoo.co.uk>
24-06-2004 10:20
Besvar venligst til "Tomcat Users List"

 
        Til:    Tomcat Users List <to...@jakarta.apache.org>
        cc: 
        Vedr.:  Re: tomcat 5.0.25 and windows 2003



thanks


--- Joao Medeiros <jm...@freenet.co.uk> wrote: >
I'm running Tomcat 5.0.25 on 2003 with Apache and
> JK2 and it works fine
> --JM
> 
> zhicheng wang wrote:
> 
> >dear all
> >
> >does any one know if tomcat 5.0.25 runs on windows
> >server 2003 smoothly? also if IIS also running (on
> >different port), will they live in the same server
> >well?
> >
> >thanks
> >cheng
> >
> >=====
> >Best wishes
> >Z C Wang
> >
> >
> > 
> > 
> > 
>
>___________________________________________________________ALL-NEW
> Yahoo! Messenger - sooooo many all-new ways to
> express yourself http://uk.messenger.yahoo.com
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> >
> >
> > 
> >
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> 
> 

=====
Best wishes
Z C Wang


 
 
 
___________________________________________________________ALL-NEW Yahoo! 
Messenger - sooooo many all-new ways to express yourself http://uk.messenger.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org





<FONT SIZE=1 FACE="Arial">_______________
Vi goer opmaerksom paa, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den.
Selv om e-mailen og ethvert vedhaeftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan paavirke computeren eller it-systemet, hvori den modtages og laeses, aabnes den paa modtagerens eget ansvar. Vi paatager os ikke noget ansvar for tab og skade, som er opstaaet i forbindelse med at modtage og bruge e-mailen.
_______________
Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it.
Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message.
</FONT>

Re: SingleSignOn

Posted by Mike Fowler <to...@mlfowler.com>.
Hi Thomas,

The reason you can't log off from the second app is that web apps can
not talk to one another. Additionally, with the SingleSignOn feature
when you leave a web app with out invalidating the session, it remains
attached to the SingleSignOn session. The SingleSignOn session does not
expire until all attached sessions are invalid.

One solution is to set a time-out on the log in web app's session to
something like 30 seconds once you authenticate the user and are about
to move to the second web app:

httpServletRequest.getSession().setMaxInactiveInterval(30);

Once in the second web-app you must create a session otherwise when the
log in session expires you will lose the SingleSignOn and the user will
have to reauthenticate. Now when you invalidate the second web-apps
session the SingleSignOn will be scrubbed.

A better solution is web-sphere's extension to HttpSession,
invalidateAll() which causes all sessions attached to the authenticated
user to be invalidated. Sun suggested this in the original drafts for
the servlet API version 2.4, but it didn't make the final draft.
However, it is easy to implement in Tomcat. I haven't made the
modification to the clusters as I don't use them in my set-up, but the 
code changes are as follows:

-javax.servlet.http.HttpSession.java
	add the line:

     public void invalidateAll();

-org.apache.catalina.Session.java
	add the lines:

     public static final String INVALIDATE_ALL_SESSIONS =
	"invalidateAllSessions";

-org.apache.catalina.session.StandardSession.java
	add the lines:

     public void invalidateAll()
     {
         fireSessionEvent(Session.INVALIDATE_ALL_SESSIONS, null);
     }

-org.apache.catalina.session.StandardSessionFacade.java
	add the lines:

     public void invalidateAll()
     {
         this.session.invalidateAll();
     }

-org.apache.catalina.cluster.session.DeltaSession.java
	add the lines:

     public void invalidateAll()
     {
         //not using clusters, but need to implement interface
     }

-org.apache.catalina.cluster.session.DeltaSessionFacade.java
	add the lines:

     public void invalidateAll()
     {
         this.session.invalidateAll();
     }

-org.apache.catalina.cluster.session.ReplicatedSession.java
	add the lines:

     public void invalidateAll()
     {
         //not using clusters, but need to implement interface
     }

-org.apache.catalina.authenticator.SingleSignOn.java
	in the method sessionEvent(SessionEvent event) add the lines:

     // Catch our event to destroy the single session sign on session and
     // all attached sessions
         log("Session event fired. Event type: " + event.getType());
         if (Session.INVALIDATE_ALL_SESSIONS.equals(event.getType()))
         {
             // Look up the single session id associated with this
             // session (if any)
             Session session = event.getSession();
             if (debug >= 1)
             {
                 log("Destroying SSO Session: " + session);
             }
             String ssoId = null;
             synchronized (reverse)
             {
                 ssoId = (String) reverse.get(session);
             }
             if (ssoId == null)
             {
                 log("Nothing to deregister");
                 return;
             }
             deregister(ssoId);
             log("Deregistered.");
         }

Hope this helps!

-Mike Fowler
"I could be a genius if I just put my mind to it, and I,
I could do anything, if only I could get 'round to it"



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org