You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by John Wallace <jw...@anode.com> on 2006/05/01 23:55:20 UTC

can't get parameter when security is on

  I am having problems getting a parameter from my web form when I have 
security turned on for a servlet running in Tomcat 5.5.15.  Here is the 
code:


My Tomcat's server.xml file has this defined:
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

...and...

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Note:  I did not change anything in the server.xml file other than 
uncomment the sections above.

Now in my web.xml deployment descriptor I have defined:

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>ParameterTest</web-resource-name>
            <url-pattern>/parameter_test</url-pattern>
         </web-resource-collection>

         <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
   </security-constraint>

   <servlet>
      <servlet-name>Parameter Test</servlet-name>
      <servlet-class>ParameterTest</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>Parameter Test</servlet-name>
      <url-pattern>/parameter_test</url-pattern>
   </servlet-mapping>


I have a simple web form:

<html>
   <head>
      <title>Parameter Test</title>
   </head>
   <body>
      <center>Parameter Test
      <br>
      <br>
      <form action="parameter_test" method="post">
         Please enter your parameter: <input type="text" name="my_parameter">
         <br>
         <br>
         <input type="submit" value="Ok"/>
      </form>
      </center>
   </body>
</html>



Finally in my code (ParameterTest.java) I have:

   public void doPost (HttpServletRequest request, HttpServletResponse 
response) throws IOException {
      PrintWriter out = response.getWriter();
 
      String the_parameter = request.getParameter("my_parameter");
      out.println("my_parameter = "+the_parameter);

      out.println("parameter names:");
      for (Enumeration e = request.getParameterNames() ; 
e.hasMoreElements() ;) {
         out.println("parameter: "+e.nextElement());
     }
}

If the  security-constraint section IS defined in my web.xml deployment 
descriptor, output in my web browser is:

my_parameter = null
parameter names:

Now if I take the security-constraint section out of my web.xml file I 
get the following output in my web browser:

my_parameter = 43625
parameter names:
parameter: my_parameter

So my code works just fine /without/ the security-constraint defined.

My question is this:  What do I need to do to get the parameter to be 
passed to my ParameterTest servlet with the security-constraint 
defined?  I need security to work here.

Thanks,

-- 
John Wallace | Java / Web Developer
jwallace@anode.com http://anode.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: can't get parameter when security is on

Posted by Marc Farrow <ma...@gmail.com>.

This looks like it should work.  Sorry.

On 5/1/06, John Wallace <jw...@anode.com> wrote:
>
> I am having problems getting a parameter from my web form when I have
> security turned on for a servlet running in Tomcat 5.5.15.  Here is the
> code:
>
>
> My Tomcat's server.xml file has this defined:
>    <Connector port="8080" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" redirectPort="8443" acceptCount="100"
>               connectionTimeout="20000" disableUploadTimeout="true" />
>
> ...and...
>
>    <Connector port="8443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>               clientAuth="false" sslProtocol="TLS" />
>
> Note:  I did not change anything in the server.xml file other than
> uncomment the sections above.
>
> Now in my web.xml deployment descriptor I have defined:
>
>   <security-constraint>
>      <web-resource-collection>
>         <web-resource-name>ParameterTest</web-resource-name>
>            <url-pattern>/parameter_test</url-pattern>
>         </web-resource-collection>
>
>         <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>         </user-data-constraint>
>   </security-constraint>
>
>   <servlet>
>      <servlet-name>Parameter Test</servlet-name>
>      <servlet-class>ParameterTest</servlet-class>
>   </servlet>
>
>   <servlet-mapping>
>      <servlet-name>Parameter Test</servlet-name>
>      <url-pattern>/parameter_test</url-pattern>
>   </servlet-mapping>
>
>
> I have a simple web form:
>
> <html>
>   <head>
>      <title>Parameter Test</title>
>   </head>
>   <body>
>      <center>Parameter Test
>      <br>
>      <br>
>      <form action="parameter_test" method="post">
>         Please enter your parameter: <input type="text"
> name="my_parameter">
>         <br>
>         <br>
>         <input type="submit" value="Ok"/>
>      </form>
>      </center>
>   </body>
> </html>
>
>
>
> Finally in my code (ParameterTest.java) I have:
>
>   public void doPost (HttpServletRequest request, HttpServletResponse
> response) throws IOException {
>      PrintWriter out = response.getWriter();
>
>      String the_parameter = request.getParameter("my_parameter");
>      out.println("my_parameter = "+the_parameter);
>
>      out.println("parameter names:");
>      for (Enumeration e = request.getParameterNames() ;
> e.hasMoreElements() ;) {
>         out.println("parameter: "+e.nextElement());
>     }
> }
>
> If the  security-constraint section IS defined in my web.xml deployment
> descriptor, output in my web browser is:
>
> my_parameter = null
> parameter names:
>
> Now if I take the security-constraint section out of my web.xml file I
> get the following output in my web browser:
>
> my_parameter = 43625
> parameter names:
> parameter: my_parameter
>
> So my code works just fine /without/ the security-constraint defined.
>
> My question is this:  What do I need to do to get the parameter to be
> passed to my ParameterTest servlet with the security-constraint
> defined?  I need security to work here.
>
> Thanks,
>
> --
> John Wallace | Java / Web Developer
> jwallace@anode.com http://anode.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


--
Marc Farrow