You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Dipl.-Ing. Holger Evers | Cybay New Media" <ev...@cybay.de> on 2006/11/23 16:29:24 UTC

Tomcat5: Losing JDBCRealm session starting application with own session

Hello,

i've set up my Tomcat with form based authentication and a JDBCRealm
(besides i use an AJP-Connector to attach it to Apache1.3). Everything works
fine when calling simple jsp-files such as the jsp-examples. Unfortunately
the application i want restricted access for uses sessions itself. I have
not written it by myself, but it uses the global Tomcat "session" object.
When i login on a page without session use and then start the application i
am redirected to the login page again, same when pushing the "back" button.
My conclusion is that the JDBCRealm uses the same session as my application.
When i'm right, is there any possibility to change this?


Viele Grüße

Holger Evers

-- 
Dipl.-Ing. Holger Evers | Entwicklung
Cybay New Media GmbH | http://www.cybay.de 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Security restriction

Posted by Dima Retov <di...@axisway.com>.

http://java.sun.com/j2se/1.5.0/docs/api/java/lang/SecurityManager.html

You can apply your own Security Manager like web browser does with
applets. 


Thursday, November 23, 2006, 6:45:00 PM, you wrote:



AK> Hello,

AK>       i have a quick question.

AK>       if i wanted to restrict what directories tomcat server sees or
AK>       if i want to prevent someone running System.exec( "delete
AK>       everything!!!" ) where would i start?






-- 
Best regards,
 Dima                            mailto:dima@axisway.com



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Security restriction

Posted by Alex Korneyev <ak...@mindspring.com>.

Hello,

      i have a quick question.

      if i wanted to restrict what directories tomcat server sees or
      if i want to prevent someone running System.exec( "delete
      everything!!!" ) where would i start?



-- 
Best regards,
 Alex                            mailto:akorneyev@mindspring.com


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat5: Losing JDBCRealm session starting application with own session

Posted by "Dipl.-Ing. Holger Evers | Cybay New Media" <ev...@cybay.de>.

Hi,

> What do you mean by "start the application" ? Restart tomcat ?

no, i just meant calling the pages i want to restrict. There is a "start
page" without internal session management (except for the RDBCRealm) where
everything works, but "the application" behind uses sessions. The Tomcat
isn't restartet of course.


Viele Grüße

Holger Evers

-- 
Dipl.-Ing. Holger Evers | Entwicklung
Cybay New Media GmbH | http://www.cybay.de 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat5: Losing JDBCRealm session starting application with own session

Posted by olivier nouguier <ol...@gmail.com>.

hi
What do you mean by "start the application" ? Restart tomcat ?

On 11/23/06, Dipl.-Ing. Holger Evers | Cybay New Media <ev...@cybay.de> wrote:
> Hello,
>
> i've set up my Tomcat with form based authentication and a JDBCRealm
> (besides i use an AJP-Connector to attach it to Apache1.3). Everything works
> fine when calling simple jsp-files such as the jsp-examples. Unfortunately
> the application i want restricted access for uses sessions itself. I have
> not written it by myself, but it uses the global Tomcat "session" object.
> When i login on a page without session use and then start the application i
> am redirected to the login page again, same when pushing the "back" button.
> My conclusion is that the JDBCRealm uses the same session as my application.
> When i'm right, is there any possibility to change this?
>
>
> Viele Grüße
>
> Holger Evers
>
> --
> Dipl.-Ing. Holger Evers | Entwicklung
> Cybay New Media GmbH | http://www.cybay.de
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
"Souviens-toi qu'au moment de ta naissance tout le monde était dans la
joie et toi dans les pleurs.
 Vis de manière qu'au moment de ta mort, tout le monde soit dans les
pleurs et toi dans la joie."

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org