tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vincent Aumont <vincent.aum...@vslab.com>
Subject Re: HELP - Security in web.xml
Date Tue, 30 May 2000 06:37:13 GMT

Comment out the following line in jakarta-tomcat/conf/server.xml:

<RequestInterceptor className="org.apache.tomcat.request.SecurityCheck"
/>

If the problem persists, at least you'll not it's not due to tomcat.

Vincent.

PS: and after 3 times, does it let you in?

Joel Rouiller wrote:

>  No, I intentionally commented out any <security-constraint> or
> <login-config> tags.
>
>      ----- Original Message -----
>      From: Vincent Aumont
>      To: tomcat-user@jakarta.apache.org
>      Sent: Monday, May 29, 2000 5:40 PM
>      Subject: Re: HELP - Security in web.xml
>       Are you sure you don't have a <security-constraint> or
>      <login-config> in your web.xml file?
>
>      Joel Rouiller wrote:
>
>     > Dear reader, I installed Tomcat on Linux with the Apache
>     > web server. All the examples are running well. But our
>     > servlet (running well with JServ) makes me sick. I
>     > installed all necessary files in $TOMCAT/webapps/reporting
>     > as described in various papers. The web.xml file looks
>     > like this: <?xml version="1.0" encoding="ISO-8859-1"?>
>     > <!DOCTYPE web-app
>     >     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
>     > 2.2//EN"
>     >     "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
>     > <web-app>
>     >   <servlet>
>     >     <servlet-name>Reporting</servlet-name>
>     >
>     > <servlet-class>ch.infometis.reporting.servlet.ReportingServlet</servlet-class>
>     >
>     >     <init-param>
>     >       <param-name>db.driver</param-name>
>     >
>     > <param-value>oracle.jdbc.driver.OracleDriver</param-value>
>     >
>     >     </init-param>
>     >     <init-param>
>     >       ... other init parameters ...    </init-param>
>     >     <init-param>
>     >       <param-name>html.entries_new</param-name>
>     >       <param-value>2</param-value>
>     >     </init-param>
>     >   </servlet>
>     >   <servlet-mapping>
>     >     <servlet-name>Reporting</servlet-name>
>     >     <url-pattern>/reporting</url-pattern>
>     >   </servlet-mapping>
>     > </web-app> I added the following line in
>     > $TOMCAT/conf/server.xml:         <Context
>     > path="/reporting" docBase="webapps/reporting" debug="9"
>     > reloadable="true">        </Context> And
>     > $TOMCAT/conf/tomcat.conf look like this:
>     > ###############################################################################
>     >
>     > #                     Apache JServ Configuration
>     > File                         #
>     >
>     > ###############################################################################
>     > Note: this file should be appended or included into your
>     > httpd.conf # Tell Apache on Unix to load the Apache JServ
>     > communication module
>     > # For shared object builds only!!!
>     > # @LOAD_OR_NOT@LoadModule jserv_module
>     > @LIBEXECDIR@/mod_jserv.so
>     > LoadModule jserv_module /usr/lib/apache/mod_jserv.so
>     > <IfModule mod_jserv.c>
>     > # Do not edit!
>     > ApJServManual on
>     > ApJServDefaultProtocol ajpv12
>     > ApJServSecretKey DISABLED
>     > ApJServMountCopy on
>     > ApJServLogLevel notice
>     > ApJServLogFile DISABLED### Change if you run tomcat on a
>     > different host
>     > #ApJServDefaultHost localhost
>     > ApJServDefaultPort 8007
>     > #################### All jsp files will go to tomcat
>     > ####################
>     > #ApJServMount default /root AddType text/jsp .jsp
>     > AddHandler jserv-servlet .jsp
>     > ############################## Context mapping - you need
>     > to "deploy"
>     > # ( copy or ln -s ) the context into htdocs
>     > ## ApJServMount /examples /root
>     > ApJServMount /reporting /root
>     > ApJServMount /test /root
>     > ApJServMount /servlet /root </IfModule> I removed all
>     > access restriction to the reporting directories in
>     > httpd.conf. So it should be accessed from anyone from
>     > everywhere, but no, it allways ask me three times a user
>     > id and password to log in. Has anyone an idea what is
>     > going wrong or what I is configured wrong? Best regards
>     > and thanks for any suggestions, Joel Rouiller / infometis
>     > ag
>

Mime
View raw message