You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Wallace <jw...@anode.com> on 2006/05/01 23:55:20 UTC
can't get parameter when security is on
I am having problems getting a parameter from my web form when I have
security turned on for a servlet running in Tomcat 5.5.15. Here is the
code:
My Tomcat's server.xml file has this defined:
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
...and...
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
Note: I did not change anything in the server.xml file other than
uncomment the sections above.
Now in my web.xml deployment descriptor I have defined:
<security-constraint>
<web-resource-collection>
<web-resource-name>ParameterTest</web-resource-name>
<url-pattern>/parameter_test</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<servlet>
<servlet-name>Parameter Test</servlet-name>
<servlet-class>ParameterTest</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Parameter Test</servlet-name>
<url-pattern>/parameter_test</url-pattern>
</servlet-mapping>
I have a simple web form:
<html>
<head>
<title>Parameter Test</title>
</head>
<body>
<center>Parameter Test
<br>
<br>
<form action="parameter_test" method="post">
Please enter your parameter: <input type="text" name="my_parameter">
<br>
<br>
<input type="submit" value="Ok"/>
</form>
</center>
</body>
</html>
Finally in my code (ParameterTest.java) I have:
public void doPost (HttpServletRequest request, HttpServletResponse
response) throws IOException {
PrintWriter out = response.getWriter();
String the_parameter = request.getParameter("my_parameter");
out.println("my_parameter = "+the_parameter);
out.println("parameter names:");
for (Enumeration e = request.getParameterNames() ;
e.hasMoreElements() ;) {
out.println("parameter: "+e.nextElement());
}
}
If the security-constraint section IS defined in my web.xml deployment
descriptor, output in my web browser is:
my_parameter = null
parameter names:
Now if I take the security-constraint section out of my web.xml file I
get the following output in my web browser:
my_parameter = 43625
parameter names:
parameter: my_parameter
So my code works just fine /without/ the security-constraint defined.
My question is this: What do I need to do to get the parameter to be
passed to my ParameterTest servlet with the security-constraint
defined? I need security to work here.
Thanks,
--
John Wallace | Java / Web Developer
jwallace@anode.com http://anode.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: can't get parameter when security is on
Posted by Marc Farrow <ma...@gmail.com>.
This looks like it should work. Sorry.
On 5/1/06, John Wallace <jw...@anode.com> wrote:
>
> I am having problems getting a parameter from my web form when I have
> security turned on for a servlet running in Tomcat 5.5.15. Here is the
> code:
>
>
> My Tomcat's server.xml file has this defined:
> <Connector port="8080" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="8443" acceptCount="100"
> connectionTimeout="20000" disableUploadTimeout="true" />
>
> ...and...
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
>
> Note: I did not change anything in the server.xml file other than
> uncomment the sections above.
>
> Now in my web.xml deployment descriptor I have defined:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>ParameterTest</web-resource-name>
> <url-pattern>/parameter_test</url-pattern>
> </web-resource-collection>
>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> <servlet>
> <servlet-name>Parameter Test</servlet-name>
> <servlet-class>ParameterTest</servlet-class>
> </servlet>
>
> <servlet-mapping>
> <servlet-name>Parameter Test</servlet-name>
> <url-pattern>/parameter_test</url-pattern>
> </servlet-mapping>
>
>
> I have a simple web form:
>
> <html>
> <head>
> <title>Parameter Test</title>
> </head>
> <body>
> <center>Parameter Test
> <br>
> <br>
> <form action="parameter_test" method="post">
> Please enter your parameter: <input type="text"
> name="my_parameter">
> <br>
> <br>
> <input type="submit" value="Ok"/>
> </form>
> </center>
> </body>
> </html>
>
>
>
> Finally in my code (ParameterTest.java) I have:
>
> public void doPost (HttpServletRequest request, HttpServletResponse
> response) throws IOException {
> PrintWriter out = response.getWriter();
>
> String the_parameter = request.getParameter("my_parameter");
> out.println("my_parameter = "+the_parameter);
>
> out.println("parameter names:");
> for (Enumeration e = request.getParameterNames() ;
> e.hasMoreElements() ;) {
> out.println("parameter: "+e.nextElement());
> }
> }
>
> If the security-constraint section IS defined in my web.xml deployment
> descriptor, output in my web browser is:
>
> my_parameter = null
> parameter names:
>
> Now if I take the security-constraint section out of my web.xml file I
> get the following output in my web browser:
>
> my_parameter = 43625
> parameter names:
> parameter: my_parameter
>
> So my code works just fine /without/ the security-constraint defined.
>
> My question is this: What do I need to do to get the parameter to be
> passed to my ParameterTest servlet with the security-constraint
> defined? I need security to work here.
>
> Thanks,
>
> --
> John Wallace | Java / Web Developer
> jwallace@anode.com http://anode.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Marc Farrow