You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Dipl.-Ing. Holger Evers | Cybay New Media" <ev...@cybay.de> on 2006/11/23 16:29:24 UTC
Tomcat5: Losing JDBCRealm session starting application with own session
Hello,
i've set up my Tomcat with form based authentication and a JDBCRealm
(besides i use an AJP-Connector to attach it to Apache1.3). Everything works
fine when calling simple jsp-files such as the jsp-examples. Unfortunately
the application i want restricted access for uses sessions itself. I have
not written it by myself, but it uses the global Tomcat "session" object.
When i login on a page without session use and then start the application i
am redirected to the login page again, same when pushing the "back" button.
My conclusion is that the JDBCRealm uses the same session as my application.
When i'm right, is there any possibility to change this?
Viele Grüße
Holger Evers
--
Dipl.-Ing. Holger Evers | Entwicklung
Cybay New Media GmbH | http://www.cybay.de
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Security restriction
Posted by Dima Retov <di...@axisway.com>.
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/SecurityManager.html
You can apply your own Security Manager like web browser does with
applets.
Thursday, November 23, 2006, 6:45:00 PM, you wrote:
AK> Hello,
AK> i have a quick question.
AK> if i wanted to restrict what directories tomcat server sees or
AK> if i want to prevent someone running System.exec( "delete
AK> everything!!!" ) where would i start?
--
Best regards,
Dima mailto:dima@axisway.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Security restriction
Posted by Alex Korneyev <ak...@mindspring.com>.
Hello,
i have a quick question.
if i wanted to restrict what directories tomcat server sees or
if i want to prevent someone running System.exec( "delete
everything!!!" ) where would i start?
--
Best regards,
Alex mailto:akorneyev@mindspring.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat5: Losing JDBCRealm session starting application with own session
Posted by "Dipl.-Ing. Holger Evers | Cybay New Media" <ev...@cybay.de>.
Hi,
> What do you mean by "start the application" ? Restart tomcat ?
no, i just meant calling the pages i want to restrict. There is a "start
page" without internal session management (except for the RDBCRealm) where
everything works, but "the application" behind uses sessions. The Tomcat
isn't restartet of course.
Viele Grüße
Holger Evers
--
Dipl.-Ing. Holger Evers | Entwicklung
Cybay New Media GmbH | http://www.cybay.de
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat5: Losing JDBCRealm session starting application with own session
Posted by olivier nouguier <ol...@gmail.com>.
hi
What do you mean by "start the application" ? Restart tomcat ?
On 11/23/06, Dipl.-Ing. Holger Evers | Cybay New Media <ev...@cybay.de> wrote:
> Hello,
>
> i've set up my Tomcat with form based authentication and a JDBCRealm
> (besides i use an AJP-Connector to attach it to Apache1.3). Everything works
> fine when calling simple jsp-files such as the jsp-examples. Unfortunately
> the application i want restricted access for uses sessions itself. I have
> not written it by myself, but it uses the global Tomcat "session" object.
> When i login on a page without session use and then start the application i
> am redirected to the login page again, same when pushing the "back" button.
> My conclusion is that the JDBCRealm uses the same session as my application.
> When i'm right, is there any possibility to change this?
>
>
> Viele Grüße
>
> Holger Evers
>
> --
> Dipl.-Ing. Holger Evers | Entwicklung
> Cybay New Media GmbH | http://www.cybay.de
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
"Souviens-toi qu'au moment de ta naissance tout le monde était dans la
joie et toi dans les pleurs.
Vis de manière qu'au moment de ta mort, tout le monde soit dans les
pleurs et toi dans la joie."
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org