You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kevin Andryc <ka...@miser.umass.edu> on 2002/07/04 21:46:04 UTC
j_security_check question: RequestDispatcher .forward!! PLZ HELP!
OK,
So I found that I can access my servlet if I don't use the
RequestDispatcher .forward method. In other words, when I try and access my
page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
JSP form that I specified. When I login successfully,the login page
reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
.forward method instead of using a PrintWriter to send back the response.
Why can I not use the RequestDispatcher, if I can, how???
Below is some code.
Web.xml
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/servlet/*</url-pattern>
<url-pattern>/jsp/security/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>user</role-name>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/login.jsp</form-login-page>
<form-error-page>/jsp/security/error.jsp</form-error-page>
</form-login-config>
</login-config>
ProtectedPage.java
public class ProtectedPage extends HttpServlet {
// Default constructor
public ProtectedPage() {
super();
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
{
performTask(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse
response) {
performTask(request, response);
}
public void performTask(HttpServletRequest request, HttpServletResponse
response) {
try {
String jspPage = "index.jsp";
RequestDispatcher rd =
getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
rd.forward(request, response);
}
catch(Exception e) {
e.printStackTrace();
}
}
}
index.jsp
<html>
<head>
<title>Protected Page for Examples</title>
</head>
<body bgcolor="white">
You are logged in as remote user <b><%= request.getRemoteUser() %></b>
in session <b><%= session.getId() %></b><br><br>
<%
if (request.getUserPrincipal() != null) {
%>
Your user principal name is
<b><%= request.getUserPrincipal().getName() %></b><br><br>
<%
} else {
%>
No user principal could be identified.<br><br>
<%
}
%>
<%
String role = request.getParameter("role");
if (role == null)
role = "";
if (role.length() > 0) {
if (request.isUserInRole(role)) {
%>
You have been granted role <b><%= role %></b><br><br>
<%
} else {
%>
You have <i>not</i> been granted role <b><%= role %></b><br><br>
<%
}
}
%>
</body>
</html>
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
Posted by Kevin Andryc <ka...@miser.umass.edu>.
I was wondering if anyone had an answer to this or should I e-mail the
Developers group? I found this snippet on the web and tried what they
suggested and it still doesn't work:
[begin quote]
One approach that will work in Tomcat 4.0 (because it was planned that way
in
the servlet 2.3 spec) is based on the following reasoning:
* Security constraints are imposed only on the original request URI,
not when doing RequestDispatcher.include or RequestDispatcher.forward
* Therefore, we can prohibit direct access to servlets (or JSP pages) by
protecting them with a security constraint that disallowed access.
* In 2.3, if you define a security contraint that has an <auth-constraint>
element with no nested <role-name> elements, the container interprets
this to mean that absolutely no direct access to the protected URIs
is allowed via requests -- they can only be accessed indirectly via
a RequestDispatcher.
* You can simulate this behavior in 2.2 by using a security constraint with
a <role-name> to which no users have been assigned.
Doing this forces all requests to come through your controller servlet,
because
none of the JSP pages would be directly accessible.
[end quote]
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
-----Original Message-----
From: Kevin Andryc [mailto:kandryc@miser.umass.edu]
Sent: Thursday, July 04, 2002 05:31 PM
To: Tomcat Users List
Subject: RE: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!
I am currently using Tomcat 4.0.4. My problem is that when I use the
RequestDispatcher and forward the request to the index.jsp page, it does not
work. Instead I get the login page. If you look at ProtectedPage.java, you
can see I forward the request to the index.jsp page. If it worked correctly,
I would type in (http://localhost:8080/dev/servlet/ProtectedPage) and a
login prompt would appear (login.jsp). Once I successfully logged in, I
should then go to my servlet (ProtectedPage), which should show index.jsp.
Instead, I get the login.jsp form when I successfully log in. When I changed
the ProtectedPage.java code so that it doesn't use the RequestDispatcher and
instead used a PrintWriter, it works fine. My question is, why can I not use
the RequestDispatcher??
Thanks for your help :).
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
-----Original Message-----
From: Craig R. McClanahan [mailto:craigmcc@apache.org]
Sent: Thursday, July 04, 2002 05:25 PM
To: Tomcat Users List
Subject: Re: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!
On Thu, 4 Jul 2002, Kevin Andryc wrote:
> Date: Thu, 04 Jul 2002 15:46:04 -0400
> From: Kevin Andryc <ka...@miser.umass.edu>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
>
> OK,
> So I found that I can access my servlet if I don't use the
> RequestDispatcher .forward method. In other words, when I try and access
my
> page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
> JSP form that I specified. When I login successfully,the login page
> reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
> .forward method instead of using a PrintWriter to send back the response.
> Why can I not use the RequestDispatcher, if I can, how???
>
If you are using Tomcat 3.x, you'll have a problem with your example code
below, because you've got the form login page inside your protected area.
That works fine in Tomcat 4, however. In Tomcat 3, move your login page
to some directory that is *not* protected by a security constraint.
What is not obvious from your question is what it is, exactly, that you
are asking. You seem to claim that you cannot use a request dispatcher,
but your code is doing exactly that. So what is the problem?
Craig
> Below is some code.
>
> Web.xml
> <security-constraint>
> <display-name>Example Security Constraint</display-name>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/servlet/*</url-pattern>
> <url-pattern>/jsp/security/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>user</role-name>
> <role-name>tomcat</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Default login configuration uses form-based authentication -->
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/jsp/security/login.jsp</form-login-page>
> <form-error-page>/jsp/security/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> ProtectedPage.java
> public class ProtectedPage extends HttpServlet {
>
> // Default constructor
> public ProtectedPage() {
> super();
> }
>
> public void doGet(HttpServletRequest request, HttpServletResponse
response)
> {
> performTask(request, response);
> }
>
> public void doPost(HttpServletRequest request, HttpServletResponse
> response) {
> performTask(request, response);
> }
>
> public void performTask(HttpServletRequest request,
HttpServletResponse
> response) {
>
> try {
> String jspPage = "index.jsp";
> RequestDispatcher rd =
> getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
> rd.forward(request, response);
> }
> catch(Exception e) {
> e.printStackTrace();
> }
> }
> }
>
> index.jsp
> <html>
> <head>
> <title>Protected Page for Examples</title>
> </head>
> <body bgcolor="white">
>
> You are logged in as remote user <b><%= request.getRemoteUser() %></b>
> in session <b><%= session.getId() %></b><br><br>
>
> <%
> if (request.getUserPrincipal() != null) {
> %>
> Your user principal name is
> <b><%= request.getUserPrincipal().getName() %></b><br><br>
> <%
> } else {
> %>
> No user principal could be identified.<br><br>
> <%
> }
> %>
>
> <%
> String role = request.getParameter("role");
> if (role == null)
> role = "";
> if (role.length() > 0) {
> if (request.isUserInRole(role)) {
> %>
> You have been granted role <b><%= role %></b><br><br>
> <%
> } else {
> %>
> You have <i>not</i> been granted role <b><%= role %></b><br><br>
> <%
> }
> }
> %>
> </body>
> </html>
>
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Tomcat 4.0.4 Realm Question
Posted by Eddie Bush <ek...@swbell.net>.
Which connector are you using? Is this TC stand-alone or TC + Apache?
IF this is TC + Apache AND the "files you're protecting" happen to be
static content, it's possible Apache is serving them and bypassing your
security constraints. If, for example, you're running TC + Apache +
mod_jk (my setup), then I can personally guarantee you that this will be
the exact behavior with static content :-) LOL I spent several hours
trying to set up a security constraint on a FULLY STATIC application
(/tomcat-docs) before I stopped and realized that there was no way it
COULD protect it!
If this fits your situation, you need to look at how Apache can deny
access to the directory - or - change it to dynamic content (JSPs
instead of HTMLs).
Regards,
Eddie
Kevin Andryc wrote:
>I was wondering how I can protect certain servlet subdirectories. For
>example, lets say that in WEB-INF/classes I have two subdirectories: app1
>and app2. How do I use the security-constraint to protect (force the user to
>login) app1 but not have them login to classes in app2? I have tried this in
>my web.xml file, but the login page doesn't appear and I go directly to the
>page:
>
><security-constraint>
> <display-name>Example Security Constraint</display-name>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <url-pattern>/servlet/app1.*</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>usr</role-name>
> </auth-constraint>
> </security-constraint>
>
>Is this possible? If so, how can this be achieved?
>
>Kevin
>
>Kevin Andryc
>Web Systems Engineer
>MISER
>http://www.umass.edu/miser/
>Phone: (413)-545-3460
>kandryc@miser.umass.edu
>
>
>
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Tomcat 4.0.4 Realm Question
Posted by Kevin Andryc <ka...@miser.umass.edu>.
I was wondering how I can protect certain servlet subdirectories. For
example, lets say that in WEB-INF/classes I have two subdirectories: app1
and app2. How do I use the security-constraint to protect (force the user to
login) app1 but not have them login to classes in app2? I have tried this in
my web.xml file, but the login page doesn't appear and I go directly to the
page:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/servlet/app1.*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>usr</role-name>
</auth-constraint>
</security-constraint>
Is this possible? If so, how can this be achieved?
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Tomcat 4.0.4 Realm Question
Posted by Kevin Andryc <ka...@miser.umass.edu>.
I was wondering how I can protect certain servlet subdirectories. For
example, lets say that in WEB-INF/classes I have two subdirectories: app1
and app2. How do I use the security-constraint to protect (force the user to
login) app1 but not have them login to classes in app2? I have tried this in
my web.xml file, but the login page doesn't appear and I go directly to the
page:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/servlet/app1.*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>usr</role-name>
</auth-constraint>
</security-constraint>
Is this possible? If so, how can this be achieved?
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
Posted by Kevin Andryc <ka...@miser.umass.edu>.
I do have cookies turned on. Like I said, it works fine when I do not use
the RequestDispatcher, so I am stuck on why it doesn't work. I appreciate
your help!
Sincerely,
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
-----Original Message-----
From: Craig R. McClanahan [mailto:craigmcc@apache.org]
Sent: Thursday, July 04, 2002 05:41 PM
To: Tomcat Users List
Subject: RE: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!
On Thu, 4 Jul 2002, Kevin Andryc wrote:
> Date: Thu, 04 Jul 2002 17:30:53 -0400
> From: Kevin Andryc <ka...@miser.umass.edu>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: RE: j_security_check question: RequestDispatcher .forward!! PLZ
> HELP!
>
> I am currently using Tomcat 4.0.4. My problem is that when I use the
> RequestDispatcher and forward the request to the index.jsp page, it does
not
> work. Instead I get the login page. If you look at ProtectedPage.java, you
> can see I forward the request to the index.jsp page. If it worked
correctly,
> I would type in (http://localhost:8080/dev/servlet/ProtectedPage) and a
> login prompt would appear (login.jsp). Once I successfully logged in, I
> should then go to my servlet (ProtectedPage), which should show index.jsp.
> Instead, I get the login.jsp form when I successfully log in. When I
changed
> the ProtectedPage.java code so that it doesn't use the RequestDispatcher
and
> instead used a PrintWriter, it works fine. My question is, why can I not
use
> the RequestDispatcher??
>
One other thing to check is that you have cookies turned on. Form based
login requires the use of a session, and that means you need cookies since
you are not doing URL rewriting.
> Thanks for your help :).
>
> Kevin
Craig
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
>
>
>
> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> Sent: Thursday, July 04, 2002 05:25 PM
> To: Tomcat Users List
> Subject: Re: j_security_check question: RequestDispatcher .forward!! PLZ
> HELP!
>
>
> On Thu, 4 Jul 2002, Kevin Andryc wrote:
>
> > Date: Thu, 04 Jul 2002 15:46:04 -0400
> > From: Kevin Andryc <ka...@miser.umass.edu>
> > Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> > To: Tomcat Users List <to...@jakarta.apache.org>
> > Subject: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!
> >
> > OK,
> > So I found that I can access my servlet if I don't use the
> > RequestDispatcher .forward method. In other words, when I try and access
> my
> > page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a
login
> > JSP form that I specified. When I login successfully,the login page
> > reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
> > .forward method instead of using a PrintWriter to send back the
response.
> > Why can I not use the RequestDispatcher, if I can, how???
> >
>
> If you are using Tomcat 3.x, you'll have a problem with your example code
> below, because you've got the form login page inside your protected area.
> That works fine in Tomcat 4, however. In Tomcat 3, move your login page
> to some directory that is *not* protected by a security constraint.
>
> What is not obvious from your question is what it is, exactly, that you
> are asking. You seem to claim that you cannot use a request dispatcher,
> but your code is doing exactly that. So what is the problem?
>
> Craig
>
>
> > Below is some code.
> >
> > Web.xml
> > <security-constraint>
> > <display-name>Example Security Constraint</display-name>
> > <web-resource-collection>
> > <web-resource-name>Protected Area</web-resource-name>
> > <!-- Define the context-relative URL(s) to be protected -->
> > <url-pattern>/servlet/*</url-pattern>
> > <url-pattern>/jsp/security/*</url-pattern>
> > <!-- If you list http methods, only those methods are
protected -->
> > <http-method>DELETE</http-method>
> > <http-method>GET</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <!-- Anyone with one of the listed roles may access this
area -->
> > <role-name>user</role-name>
> > <role-name>tomcat</role-name>
> > </auth-constraint>
> > </security-constraint>
> >
> > <!-- Default login configuration uses form-based authentication -->
> > <login-config>
> > <auth-method>FORM</auth-method>
> > <realm-name>Example Form-Based Authentication Area</realm-name>
> > <form-login-config>
> > <form-login-page>/jsp/security/login.jsp</form-login-page>
> > <form-error-page>/jsp/security/error.jsp</form-error-page>
> > </form-login-config>
> > </login-config>
> >
> > ProtectedPage.java
> > public class ProtectedPage extends HttpServlet {
> >
> > // Default constructor
> > public ProtectedPage() {
> > super();
> > }
> >
> > public void doGet(HttpServletRequest request, HttpServletResponse
> response)
> > {
> > performTask(request, response);
> > }
> >
> > public void doPost(HttpServletRequest request, HttpServletResponse
> > response) {
> > performTask(request, response);
> > }
> >
> > public void performTask(HttpServletRequest request,
> HttpServletResponse
> > response) {
> >
> > try {
> > String jspPage = "index.jsp";
> > RequestDispatcher rd =
> > getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
> > rd.forward(request, response);
> > }
> > catch(Exception e) {
> > e.printStackTrace();
> > }
> > }
> > }
> >
> > index.jsp
> > <html>
> > <head>
> > <title>Protected Page for Examples</title>
> > </head>
> > <body bgcolor="white">
> >
> > You are logged in as remote user <b><%= request.getRemoteUser() %></b>
> > in session <b><%= session.getId() %></b><br><br>
> >
> > <%
> > if (request.getUserPrincipal() != null) {
> > %>
> > Your user principal name is
> > <b><%= request.getUserPrincipal().getName() %></b><br><br>
> > <%
> > } else {
> > %>
> > No user principal could be identified.<br><br>
> > <%
> > }
> > %>
> >
> > <%
> > String role = request.getParameter("role");
> > if (role == null)
> > role = "";
> > if (role.length() > 0) {
> > if (request.isUserInRole(role)) {
> > %>
> > You have been granted role <b><%= role %></b><br><br>
> > <%
> > } else {
> > %>
> > You have <i>not</i> been granted role <b><%= role %></b><br><br>
> > <%
> > }
> > }
> > %>
> > </body>
> > </html>
> >
> >
> > Kevin Andryc
> > Web Systems Engineer
> > MISER
> > http://www.umass.edu/miser/
> > Phone: (413)-545-3460
> > kandryc@miser.umass.edu
> >
> >
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> >
> >
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Java Mail/IMAP
Posted by Kevin Andryc <ka...@miser.umass.edu>.
Thanks! I appreciate everyone's help!
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
-----Original Message-----
From: Rick Fincher [mailto:rnf@tbird.com]
Sent: Monday, July 15, 2002 03:53 PM
To: Tomcat Users List
Subject: Re: Java Mail/IMAP
Hi Kevin,
If no one else can help with imap mail in Tomcat, Sun has a mail webapp on
their web site that supports IMAP and POP and enclosures of graphics and pdf
files, etc.
They use a tag library so it's easy to customize.
Details are at:
http://developer.java.sun.com/developer/technicalArticles/javaserverpages/em
ailapps/
Rick
----- Original Message -----
From: "Kevin Andryc" <ka...@miser.umass.edu>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Monday, July 15, 2002 3:34 PM
Subject: Java Mail/IMAP
> I was looking at "SendMailServlet.java" example provided by Tomcat 4.0, I
> was wondering if anyone could provide help using an IMAP server instead.
For
> example, I need to authenticate and am not sure what I need to add in
order
> for that to happen.
>
> Thanks,
> Kevin
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Java Mail/IMAP
Posted by Rick Fincher <rn...@tbird.com>.
Hi Kevin,
If no one else can help with imap mail in Tomcat, Sun has a mail webapp on
their web site that supports IMAP and POP and enclosures of graphics and pdf
files, etc.
They use a tag library so it's easy to customize.
Details are at:
http://developer.java.sun.com/developer/technicalArticles/javaserverpages/em
ailapps/
Rick
----- Original Message -----
From: "Kevin Andryc" <ka...@miser.umass.edu>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Monday, July 15, 2002 3:34 PM
Subject: Java Mail/IMAP
> I was looking at "SendMailServlet.java" example provided by Tomcat 4.0, I
> was wondering if anyone could provide help using an IMAP server instead.
For
> example, I need to authenticate and am not sure what I need to add in
order
> for that to happen.
>
> Thanks,
> Kevin
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: mod_jk for Linux (Tomcat 4.0.4/Apache 1.3.26)
Posted by Mario Henley Becerril Geldis <he...@uaemex.mx>.
> Where do I find mod_jk.so (Linux) along with the configuration files
> (workers.properties, mod_jk.conf etc.) for Tomcat 4.0.4 for use with Apache
> 1.3.26?
good address http://www.galatea.com/flasguides
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
mod_jk for Linux (Tomcat 4.0.4/Apache 1.3.26)
Posted by Kevin Andryc <ka...@miser.umass.edu>.
Where do I find mod_jk.so (Linux) along with the configuration files
(workers.properties, mod_jk.conf etc.) for Tomcat 4.0.4 for use with Apache
1.3.26?
Thanks,
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Java Mail/IMAP
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Mon, 15 Jul 2002, Kevin Andryc wrote:
> Date: Mon, 15 Jul 2002 15:34:43 -0400
> From: Kevin Andryc <ka...@miser.umass.edu>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: Java Mail/IMAP
>
> I was looking at "SendMailServlet.java" example provided by Tomcat 4.0, I
> was wondering if anyone could provide help using an IMAP server instead. For
> example, I need to authenticate and am not sure what I need to add in order
> for that to happen.
>
IMAP only helps you *receive* messages and manage folders. Message
sending (via a Transport instance in JavaMail) still requires SMTP.
At any rate, the JavaMail download will have docs and examples on how to
use the included IMAP support.
http://java.sun.com/products/javamail
> Thanks,
> Kevin
>
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Java Mail/IMAP
Posted by Kevin Andryc <ka...@miser.umass.edu>.
I was looking at "SendMailServlet.java" example provided by Tomcat 4.0, I
was wondering if anyone could provide help using an IMAP server instead. For
example, I need to authenticate and am not sure what I need to add in order
for that to happen.
Thanks,
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 4 Jul 2002, Kevin Andryc wrote:
> Date: Thu, 04 Jul 2002 17:30:53 -0400
> From: Kevin Andryc <ka...@miser.umass.edu>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: RE: j_security_check question: RequestDispatcher .forward!! PLZ
> HELP!
>
> I am currently using Tomcat 4.0.4. My problem is that when I use the
> RequestDispatcher and forward the request to the index.jsp page, it does not
> work. Instead I get the login page. If you look at ProtectedPage.java, you
> can see I forward the request to the index.jsp page. If it worked correctly,
> I would type in (http://localhost:8080/dev/servlet/ProtectedPage) and a
> login prompt would appear (login.jsp). Once I successfully logged in, I
> should then go to my servlet (ProtectedPage), which should show index.jsp.
> Instead, I get the login.jsp form when I successfully log in. When I changed
> the ProtectedPage.java code so that it doesn't use the RequestDispatcher and
> instead used a PrintWriter, it works fine. My question is, why can I not use
> the RequestDispatcher??
>
One other thing to check is that you have cookies turned on. Form based
login requires the use of a session, and that means you need cookies since
you are not doing URL rewriting.
> Thanks for your help :).
>
> Kevin
Craig
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
>
>
>
> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> Sent: Thursday, July 04, 2002 05:25 PM
> To: Tomcat Users List
> Subject: Re: j_security_check question: RequestDispatcher .forward!! PLZ
> HELP!
>
>
> On Thu, 4 Jul 2002, Kevin Andryc wrote:
>
> > Date: Thu, 04 Jul 2002 15:46:04 -0400
> > From: Kevin Andryc <ka...@miser.umass.edu>
> > Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> > To: Tomcat Users List <to...@jakarta.apache.org>
> > Subject: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
> >
> > OK,
> > So I found that I can access my servlet if I don't use the
> > RequestDispatcher .forward method. In other words, when I try and access
> my
> > page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
> > JSP form that I specified. When I login successfully,the login page
> > reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
> > .forward method instead of using a PrintWriter to send back the response.
> > Why can I not use the RequestDispatcher, if I can, how???
> >
>
> If you are using Tomcat 3.x, you'll have a problem with your example code
> below, because you've got the form login page inside your protected area.
> That works fine in Tomcat 4, however. In Tomcat 3, move your login page
> to some directory that is *not* protected by a security constraint.
>
> What is not obvious from your question is what it is, exactly, that you
> are asking. You seem to claim that you cannot use a request dispatcher,
> but your code is doing exactly that. So what is the problem?
>
> Craig
>
>
> > Below is some code.
> >
> > Web.xml
> > <security-constraint>
> > <display-name>Example Security Constraint</display-name>
> > <web-resource-collection>
> > <web-resource-name>Protected Area</web-resource-name>
> > <!-- Define the context-relative URL(s) to be protected -->
> > <url-pattern>/servlet/*</url-pattern>
> > <url-pattern>/jsp/security/*</url-pattern>
> > <!-- If you list http methods, only those methods are protected -->
> > <http-method>DELETE</http-method>
> > <http-method>GET</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <!-- Anyone with one of the listed roles may access this area -->
> > <role-name>user</role-name>
> > <role-name>tomcat</role-name>
> > </auth-constraint>
> > </security-constraint>
> >
> > <!-- Default login configuration uses form-based authentication -->
> > <login-config>
> > <auth-method>FORM</auth-method>
> > <realm-name>Example Form-Based Authentication Area</realm-name>
> > <form-login-config>
> > <form-login-page>/jsp/security/login.jsp</form-login-page>
> > <form-error-page>/jsp/security/error.jsp</form-error-page>
> > </form-login-config>
> > </login-config>
> >
> > ProtectedPage.java
> > public class ProtectedPage extends HttpServlet {
> >
> > // Default constructor
> > public ProtectedPage() {
> > super();
> > }
> >
> > public void doGet(HttpServletRequest request, HttpServletResponse
> response)
> > {
> > performTask(request, response);
> > }
> >
> > public void doPost(HttpServletRequest request, HttpServletResponse
> > response) {
> > performTask(request, response);
> > }
> >
> > public void performTask(HttpServletRequest request,
> HttpServletResponse
> > response) {
> >
> > try {
> > String jspPage = "index.jsp";
> > RequestDispatcher rd =
> > getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
> > rd.forward(request, response);
> > }
> > catch(Exception e) {
> > e.printStackTrace();
> > }
> > }
> > }
> >
> > index.jsp
> > <html>
> > <head>
> > <title>Protected Page for Examples</title>
> > </head>
> > <body bgcolor="white">
> >
> > You are logged in as remote user <b><%= request.getRemoteUser() %></b>
> > in session <b><%= session.getId() %></b><br><br>
> >
> > <%
> > if (request.getUserPrincipal() != null) {
> > %>
> > Your user principal name is
> > <b><%= request.getUserPrincipal().getName() %></b><br><br>
> > <%
> > } else {
> > %>
> > No user principal could be identified.<br><br>
> > <%
> > }
> > %>
> >
> > <%
> > String role = request.getParameter("role");
> > if (role == null)
> > role = "";
> > if (role.length() > 0) {
> > if (request.isUserInRole(role)) {
> > %>
> > You have been granted role <b><%= role %></b><br><br>
> > <%
> > } else {
> > %>
> > You have <i>not</i> been granted role <b><%= role %></b><br><br>
> > <%
> > }
> > }
> > %>
> > </body>
> > </html>
> >
> >
> > Kevin Andryc
> > Web Systems Engineer
> > MISER
> > http://www.umass.edu/miser/
> > Phone: (413)-545-3460
> > kandryc@miser.umass.edu
> >
> >
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> >
> >
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
Posted by Kevin Andryc <ka...@miser.umass.edu>.
I am currently using Tomcat 4.0.4. My problem is that when I use the
RequestDispatcher and forward the request to the index.jsp page, it does not
work. Instead I get the login page. If you look at ProtectedPage.java, you
can see I forward the request to the index.jsp page. If it worked correctly,
I would type in (http://localhost:8080/dev/servlet/ProtectedPage) and a
login prompt would appear (login.jsp). Once I successfully logged in, I
should then go to my servlet (ProtectedPage), which should show index.jsp.
Instead, I get the login.jsp form when I successfully log in. When I changed
the ProtectedPage.java code so that it doesn't use the RequestDispatcher and
instead used a PrintWriter, it works fine. My question is, why can I not use
the RequestDispatcher??
Thanks for your help :).
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu
-----Original Message-----
From: Craig R. McClanahan [mailto:craigmcc@apache.org]
Sent: Thursday, July 04, 2002 05:25 PM
To: Tomcat Users List
Subject: Re: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!
On Thu, 4 Jul 2002, Kevin Andryc wrote:
> Date: Thu, 04 Jul 2002 15:46:04 -0400
> From: Kevin Andryc <ka...@miser.umass.edu>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
>
> OK,
> So I found that I can access my servlet if I don't use the
> RequestDispatcher .forward method. In other words, when I try and access
my
> page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
> JSP form that I specified. When I login successfully,the login page
> reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
> .forward method instead of using a PrintWriter to send back the response.
> Why can I not use the RequestDispatcher, if I can, how???
>
If you are using Tomcat 3.x, you'll have a problem with your example code
below, because you've got the form login page inside your protected area.
That works fine in Tomcat 4, however. In Tomcat 3, move your login page
to some directory that is *not* protected by a security constraint.
What is not obvious from your question is what it is, exactly, that you
are asking. You seem to claim that you cannot use a request dispatcher,
but your code is doing exactly that. So what is the problem?
Craig
> Below is some code.
>
> Web.xml
> <security-constraint>
> <display-name>Example Security Constraint</display-name>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/servlet/*</url-pattern>
> <url-pattern>/jsp/security/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>user</role-name>
> <role-name>tomcat</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Default login configuration uses form-based authentication -->
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/jsp/security/login.jsp</form-login-page>
> <form-error-page>/jsp/security/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> ProtectedPage.java
> public class ProtectedPage extends HttpServlet {
>
> // Default constructor
> public ProtectedPage() {
> super();
> }
>
> public void doGet(HttpServletRequest request, HttpServletResponse
response)
> {
> performTask(request, response);
> }
>
> public void doPost(HttpServletRequest request, HttpServletResponse
> response) {
> performTask(request, response);
> }
>
> public void performTask(HttpServletRequest request,
HttpServletResponse
> response) {
>
> try {
> String jspPage = "index.jsp";
> RequestDispatcher rd =
> getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
> rd.forward(request, response);
> }
> catch(Exception e) {
> e.printStackTrace();
> }
> }
> }
>
> index.jsp
> <html>
> <head>
> <title>Protected Page for Examples</title>
> </head>
> <body bgcolor="white">
>
> You are logged in as remote user <b><%= request.getRemoteUser() %></b>
> in session <b><%= session.getId() %></b><br><br>
>
> <%
> if (request.getUserPrincipal() != null) {
> %>
> Your user principal name is
> <b><%= request.getUserPrincipal().getName() %></b><br><br>
> <%
> } else {
> %>
> No user principal could be identified.<br><br>
> <%
> }
> %>
>
> <%
> String role = request.getParameter("role");
> if (role == null)
> role = "";
> if (role.length() > 0) {
> if (request.isUserInRole(role)) {
> %>
> You have been granted role <b><%= role %></b><br><br>
> <%
> } else {
> %>
> You have <i>not</i> been granted role <b><%= role %></b><br><br>
> <%
> }
> }
> %>
> </body>
> </html>
>
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 4 Jul 2002, Kevin Andryc wrote:
> Date: Thu, 04 Jul 2002 15:46:04 -0400
> From: Kevin Andryc <ka...@miser.umass.edu>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
>
> OK,
> So I found that I can access my servlet if I don't use the
> RequestDispatcher .forward method. In other words, when I try and access my
> page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
> JSP form that I specified. When I login successfully,the login page
> reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
> .forward method instead of using a PrintWriter to send back the response.
> Why can I not use the RequestDispatcher, if I can, how???
>
If you are using Tomcat 3.x, you'll have a problem with your example code
below, because you've got the form login page inside your protected area.
That works fine in Tomcat 4, however. In Tomcat 3, move your login page
to some directory that is *not* protected by a security constraint.
What is not obvious from your question is what it is, exactly, that you
are asking. You seem to claim that you cannot use a request dispatcher,
but your code is doing exactly that. So what is the problem?
Craig
> Below is some code.
>
> Web.xml
> <security-constraint>
> <display-name>Example Security Constraint</display-name>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/servlet/*</url-pattern>
> <url-pattern>/jsp/security/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>user</role-name>
> <role-name>tomcat</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Default login configuration uses form-based authentication -->
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/jsp/security/login.jsp</form-login-page>
> <form-error-page>/jsp/security/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> ProtectedPage.java
> public class ProtectedPage extends HttpServlet {
>
> // Default constructor
> public ProtectedPage() {
> super();
> }
>
> public void doGet(HttpServletRequest request, HttpServletResponse response)
> {
> performTask(request, response);
> }
>
> public void doPost(HttpServletRequest request, HttpServletResponse
> response) {
> performTask(request, response);
> }
>
> public void performTask(HttpServletRequest request, HttpServletResponse
> response) {
>
> try {
> String jspPage = "index.jsp";
> RequestDispatcher rd =
> getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
> rd.forward(request, response);
> }
> catch(Exception e) {
> e.printStackTrace();
> }
> }
> }
>
> index.jsp
> <html>
> <head>
> <title>Protected Page for Examples</title>
> </head>
> <body bgcolor="white">
>
> You are logged in as remote user <b><%= request.getRemoteUser() %></b>
> in session <b><%= session.getId() %></b><br><br>
>
> <%
> if (request.getUserPrincipal() != null) {
> %>
> Your user principal name is
> <b><%= request.getUserPrincipal().getName() %></b><br><br>
> <%
> } else {
> %>
> No user principal could be identified.<br><br>
> <%
> }
> %>
>
> <%
> String role = request.getParameter("role");
> if (role == null)
> role = "";
> if (role.length() > 0) {
> if (request.isUserInRole(role)) {
> %>
> You have been granted role <b><%= role %></b><br><br>
> <%
> } else {
> %>
> You have <i>not</i> been granted role <b><%= role %></b><br><br>
> <%
> }
> }
> %>
> </body>
> </html>
>
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
>
>
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>