You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Gerrit Schimpf <ev...@gmx.de> on 2001/04/12 11:46:53 UTC

first getSession after tomcat start

hi,

I've some problems with SessionHandling. The first time i call getSession
after i've started tomcat. I have to wait about 60 seconds until the page will
be shown. I have this problem im my own servlets, and in the examples from
tomcat!

sy
Gerrit

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

RE: JDBCRealms

Posted by Ricardo Gladwell <ri...@ubqtmedia.com>.

To secure you web application you need to add the following sequence to the
web.xml file for the web application you want to secure, amended for your
own needs:

	<security-constraint>

		<web-resource-collection>
			<web-resource-name>Intranet</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>

		<auth-constraint>
			<role-name>IntranetUser</role-name>
		</auth-constraint>

	</security-constraint>

	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>UBQT Media Intranet</realm-name>
	</login-config>

The <web-resource-collection> details the areas and access points of your
application you wish to secure. The <web-resource-name> *appears* to be just
an identifier for the particular web-resource, but with documentation for
this feature being very thin on the ground it's dificult to say for sure.
The <url-pattern> tag allows you to specify wildcard filters to determine
which files are to be secured. For example,
<url-pattern>/*.jsp</url-pattern> will only ask for authentication for your
JSP files. You may also add <http-method> tags to limit authentication to
specific HTTP methods, such as GET or POST. By default all HTTP methods will
be authenticated.

The <auth-constraint> specifies the authentication constraints on users. For
example, the <role-name> tags allows you to specify that only users that
members of certain roles have access.

Finally, the <login-config> group allows you specify the authentication
method (which must be either BASIC or FORM). The <realm-name> tag allows you
specify the domain/realm name that will appear in the password dialog for
the client.

Hope that was helpful, yours...

--
Ricardo Gladwell
UBQT Media PLC, Windsor
Mobile: (07779) 841 444

> -----Original Message-----
> From: Leon Palermo [mailto:leonp@zedak.com]
> Sent: 12 April 2001 15:00
> To: tomcat-user@jakarta.apache.org
> Subject: JDBCRealms
>
>
> Hello,
>
> I have set up my database tables and the appropriate RequestInterceptor in
> my server.xml file.  Can someone show me an example of what
> should be in the
> web.xml file (including roles) to utilize the JDBCRealm?  Thanks
> in advance!
>
> Leon Palermo
>

JDBCRealms

Posted by Leon Palermo <le...@zedak.com>.

Hello,

I have set up my database tables and the appropriate RequestInterceptor in
my server.xml file.  Can someone show me an example of what should be in the
web.xml file (including roles) to utilize the JDBCRealm?  Thanks in advance!

Leon Palermo