You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by steven melendez <st...@yahoo.com> on 2003/01/16 22:15:22 UTC
new web application - inconsistent resource not found
Hi all,
I'm using tomcat 4.1.18 on windows 98, and am having
problems setting up new web applications. There
doesn't seem to be anything wrong with the web
applications as I can always get them to work in the
examples directory, but sometimes I get a resource not
found error message when trying to access pages in the
new directories/ web applications. Sometimes when I
have this problem I simply copy everything in this
problem directory and paste it into a new directory
that I create in webapps, and then it works.
I am not using server.xml to set up new contexts -
simply creating a new directory in webapps. I am
finding this a bit frustrating, as I restart tomcat,
restart my machine, and can't get it back, but then
suddenly it will just work again. I'm having no
problems in the examples directory - I can always
access this content when I am having problems with
other directories in webapps.
Any suggestions would be greatly appreciated.
Thanks,
-steven
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: new web application - inconsistent resource not found
Posted by Wilson Snook <op...@planman91.fsnet.co.uk>.
I am having what appears to be a very similar problem. What I have gleaned
from reading here is that if your application uses servelets, appropriate
<servlet-mapping> tags in the web.xml file in your 'webapps' directory might
solve your problem. Something along the lines of:
- <servlet-mapping>
<servlet-name>yourServlet</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
may be what you need (you may need a context in your server.xml file as
well). However, if your application uses beans I don't think this approach
will work. If it does, I hope somebody can help both of us because this
problem has been afflicting me for several days now.
Wilson
----- Original Message -----
From: "steven melendez" <st...@yahoo.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Thursday, January 16, 2003 9:15 PM
Subject: new web application - inconsistent resource not found
> Hi all,
>
> I'm using tomcat 4.1.18 on windows 98, and am having
> problems setting up new web applications. There
> doesn't seem to be anything wrong with the web
> applications as I can always get them to work in the
> examples directory, but sometimes I get a resource not
> found error message when trying to access pages in the
> new directories/ web applications. Sometimes when I
> have this problem I simply copy everything in this
> problem directory and paste it into a new directory
> that I create in webapps, and then it works.
>
> I am not using server.xml to set up new contexts -
> simply creating a new directory in webapps. I am
> finding this a bit frustrating, as I restart tomcat,
> restart my machine, and can't get it back, but then
> suddenly it will just work again. I'm having no
> problems in the examples directory - I can always
> access this content when I am having problems with
> other directories in webapps.
>
> Any suggestions would be greatly appreciated.
>
> Thanks,
> -steven
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Require a secure connection
Posted by shawn <ja...@koyuru.com>.
According to
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security5.html another
way would be to specify it in web.xml.
...
If you specify CONFIDENTIAL or INTEGRAL as a security constraint, that
type of security constraint applies to all requests that match the URL
patterns in the Web resource collection, not just to the login dialog.
Specify CONFIDENTIAL when the application requires that data be
transmitted so as to prevent other entities from observing the contents
of the transmission. Specify INTEGRAL when the application requires that
the data be sent between client and server in such a way that it cannot
be changed in transit. The following example code from a web.xml file
shows this setting in context:
<!-- SECURITY CONSTRAINT -->
<security-constraint>
<web-resource-collection>
<web-resource-name>WRCollection</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Shawn
On Fri, 2003-01-17 at 07:09, neal wrote:
> Does anyone know how to *require* that a page be accessed only via a secure
> connection?
>
> For instance, I *can* request a secure connection to a page by going to
> "https://" and the url ... but how do I prevent a user from going to
> "http://" to request that same page?
>
> Would this be a proxy thing or is something I can set in Tomcat? Is there
> something that wouldn't require the overhead of reflecting upon every single
> request at the Java level?
>
> Thanks.
> neal
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
--
shawn <ja...@koyuru.com>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Require a secure connection
Posted by Tim Funk <fu...@joedog.org>.
This should be it ...
http://marc.theaimsgroup.com/?l=tomcat-user&m=99616711404780&w=2
-Tim
neal wrote:
> Does anyone know how to *require* that a page be accessed only via a secure
> connection?
>
> For instance, I *can* request a secure connection to a page by going to
> "https://" and the url ... but how do I prevent a user from going to
> "http://" to request that same page?
>
> Would this be a proxy thing or is something I can set in Tomcat? Is there
> something that wouldn't require the overhead of reflecting upon every single
> request at the Java level?
>
> Thanks.
> neal
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Require a secure connection
Posted by Jon Eaves <jo...@eaves.org>.
Hi Neal,
<security-constraint>
<display-name>Web Booking</display-name>
<web-resource-collection>
<web-resource-name>Web Booking
</web-resource-name>
<url-pattern>/web/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>
CONFIDENTIAL
</transport-guarantee>
</user-data-constraint>
</security-constraint>
Will do what you want. This will switch the transport to HTTPS.
You can also check programatically using "request.isSecure()"
in the servlet to make sure the administrator has installed
your application and SSL correctly.
neal wrote:
> Does anyone know how to *require* that a page be accessed only via a secure
> connection?
>
> For instance, I *can* request a secure connection to a page by going to
> "https://" and the url ... but how do I prevent a user from going to
> "http://" to request that same page?
>
> Would this be a proxy thing or is something I can set in Tomcat? Is there
> something that wouldn't require the overhead of reflecting upon every single
> request at the Java level?
>
> Thanks.
> neal
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
Jon Eaves <jo...@eaves.org>
http://www.eaves.org/jon/
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Require a secure connection
Posted by mwm <to...@ward-murphy.co.uk>.
There's also a <transport-guarantee> element for web.xml that's supposed to
be handy for doing this declaratively.
Mike.
----- Original Message -----
From: "Andy Eastham" <an...@gliant.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Thursday, January 16, 2003 10:29 PM
Subject: RE: Require a secure connection
try:
if (!request.isSecure())
{
// abort code here
}
You can put this in a superclass of all your secure servlets if you like.
Andy
> -----Original Message-----
> From: neal [mailto:nealcabage@yahoo.com]
> Sent: 16 January 2003 22:09
> To: Tomcat Users List
> Subject: Require a secure connection
>
>
> Does anyone know how to *require* that a page be accessed only
> via a secure
> connection?
>
> For instance, I *can* request a secure connection to a page by going to
> "https://" and the url ... but how do I prevent a user from going to
> "http://" to request that same page?
>
> Would this be a proxy thing or is something I can set in Tomcat? Is there
> something that wouldn't require the overhead of reflecting upon
> every single
> request at the Java level?
>
> Thanks.
> neal
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Require a secure connection
Posted by Andy Eastham <an...@gliant.com>.
try:
if (!request.isSecure())
{
// abort code here
}
You can put this in a superclass of all your secure servlets if you like.
Andy
> -----Original Message-----
> From: neal [mailto:nealcabage@yahoo.com]
> Sent: 16 January 2003 22:09
> To: Tomcat Users List
> Subject: Require a secure connection
>
>
> Does anyone know how to *require* that a page be accessed only
> via a secure
> connection?
>
> For instance, I *can* request a secure connection to a page by going to
> "https://" and the url ... but how do I prevent a user from going to
> "http://" to request that same page?
>
> Would this be a proxy thing or is something I can set in Tomcat? Is there
> something that wouldn't require the overhead of reflecting upon
> every single
> request at the Java level?
>
> Thanks.
> neal
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Require a secure connection
Posted by Milt Epstein <me...@uiuc.edu>.
On Thu, 16 Jan 2003, neal wrote:
> Does anyone know how to *require* that a page be accessed only via a
> secure connection?
>
> For instance, I *can* request a secure connection to a page by going
> to "https://" and the url ... but how do I prevent a user from going
> to "http://" to request that same page?
>
> Would this be a proxy thing or is something I can set in Tomcat? Is
> there something that wouldn't require the overhead of reflecting
> upon every single request at the Java level?
>
> Thanks.
> neal
I think if you're using Tomcat standalone, the <security-constraint>
technique that others have mentioned is the way to go. But if you're
using Tomcat behind Apache, you should be able to control this by
controlling what resources are available to each "instance" of the
server (with http being one instance and https being another). For
example, you can set them up as separate virtual hosts, and then
control what resources are accessible within each virtual host. Works
for us.
Milt Epstein
Research Programmer
Integration and Software Engineering (ISE)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
mepstein@uiuc.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Require a secure connection
Posted by neal <ne...@yahoo.com>.
Does anyone know how to *require* that a page be accessed only via a secure
connection?
For instance, I *can* request a secure connection to a page by going to
"https://" and the url ... but how do I prevent a user from going to
"http://" to request that same page?
Would this be a proxy thing or is something I can set in Tomcat? Is there
something that wouldn't require the overhead of reflecting upon every single
request at the Java level?
Thanks.
neal
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: new web application - inconsistent resource not found
Posted by steven melendez <st...@yahoo.com>.
Thanks for responding. I can add a bit of detail.
What I have is a couple of jsp files and a couple of
servlets. I put them in the examples directory, the
jsp in the top level, and the servlets in the
web-inf/classes directory. I do not edit the web.xml
in this directory, and the application works.
I move to another directory, and set up the same
structure, but with a new web.xml file - it is the
bare minimum one found in webapps/ROOT/web-inf. Since
I didn't add my servlets to the web.xml in the
examples directory and the servlets worked fine, I am
wondering why they don't work (or very inconsistently)
in the new directory, even if i now add them to the
web.xml similarly to this:
<servlet>
<servlet-name>AddToSC</servlet-name>
<servlet-class>cart.AddToSCServlet</servlet-class>
</servlet>
any more ideas would again be appreciated.
--- Will Hartung <wi...@msoft.com> wrote:
> > From: "steven melendez" <st...@yahoo.com>
> > Sent: Thursday, January 16, 2003 1:15 PM
> > Subject: new web application - inconsistent
> resource not found
>
>
> > I am not using server.xml to set up new contexts -
> > simply creating a new directory in webapps. I am
> > finding this a bit frustrating, as I restart
> tomcat,
> > restart my machine, and can't get it back, but
> then
> > suddenly it will just work again. I'm having no
> > problems in the examples directory - I can always
> > access this content when I am having problems with
> > other directories in webapps.
>
> Are you just directly playing with the directory, or
> are you closely
> following the WAR structure for you apps (with
> WEB-INF, web.xml, et al)?
>
> Without more detail it is hard to say, but I would
> ensure that your app
> followings the WAR structure first, and then start
> from there to debug it.
>
> Regards,
>
> Will Hartung
> (willh@msoft.com)
>
>
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: new web application - inconsistent resource not found
Posted by Will Hartung <wi...@msoft.com>.
> From: "steven melendez" <st...@yahoo.com>
> Sent: Thursday, January 16, 2003 1:15 PM
> Subject: new web application - inconsistent resource not found
> I am not using server.xml to set up new contexts -
> simply creating a new directory in webapps. I am
> finding this a bit frustrating, as I restart tomcat,
> restart my machine, and can't get it back, but then
> suddenly it will just work again. I'm having no
> problems in the examples directory - I can always
> access this content when I am having problems with
> other directories in webapps.
Are you just directly playing with the directory, or are you closely
following the WAR structure for you apps (with WEB-INF, web.xml, et al)?
Without more detail it is hard to say, but I would ensure that your app
followings the WAR structure first, and then start from there to debug it.
Regards,
Will Hartung
(willh@msoft.com)
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>