tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Farrow" <marc.far...@gmail.com>
Subject Re: can't get parameter when security is on
Date Tue, 02 May 2006 01:41:44 GMT
This looks like it should work.  Sorry.

On 5/1/06, John Wallace <jwallace@anode.com> wrote:
>
> I am having problems getting a parameter from my web form when I have
> security turned on for a servlet running in Tomcat 5.5.15.  Here is the
> code:
>
>
> My Tomcat's server.xml file has this defined:
>    <Connector port="8080" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" redirectPort="8443" acceptCount="100"
>               connectionTimeout="20000" disableUploadTimeout="true" />
>
> ...and...
>
>    <Connector port="8443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>               clientAuth="false" sslProtocol="TLS" />
>
> Note:  I did not change anything in the server.xml file other than
> uncomment the sections above.
>
> Now in my web.xml deployment descriptor I have defined:
>
>   <security-constraint>
>      <web-resource-collection>
>         <web-resource-name>ParameterTest</web-resource-name>
>            <url-pattern>/parameter_test</url-pattern>
>         </web-resource-collection>
>
>         <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>         </user-data-constraint>
>   </security-constraint>
>
>   <servlet>
>      <servlet-name>Parameter Test</servlet-name>
>      <servlet-class>ParameterTest</servlet-class>
>   </servlet>
>
>   <servlet-mapping>
>      <servlet-name>Parameter Test</servlet-name>
>      <url-pattern>/parameter_test</url-pattern>
>   </servlet-mapping>
>
>
> I have a simple web form:
>
> <html>
>   <head>
>      <title>Parameter Test</title>
>   </head>
>   <body>
>      <center>Parameter Test
>      <br>
>      <br>
>      <form action="parameter_test" method="post">
>         Please enter your parameter: <input type="text"
> name="my_parameter">
>         <br>
>         <br>
>         <input type="submit" value="Ok"/>
>      </form>
>      </center>
>   </body>
> </html>
>
>
>
> Finally in my code (ParameterTest.java) I have:
>
>   public void doPost (HttpServletRequest request, HttpServletResponse
> response) throws IOException {
>      PrintWriter out = response.getWriter();
>
>      String the_parameter = request.getParameter("my_parameter");
>      out.println("my_parameter = "+the_parameter);
>
>      out.println("parameter names:");
>      for (Enumeration e = request.getParameterNames() ;
> e.hasMoreElements() ;) {
>         out.println("parameter: "+e.nextElement());
>     }
> }
>
> If the  security-constraint section IS defined in my web.xml deployment
> descriptor, output in my web browser is:
>
> my_parameter = null
> parameter names:
>
> Now if I take the security-constraint section out of my web.xml file I
> get the following output in my web browser:
>
> my_parameter = 43625
> parameter names:
> parameter: my_parameter
>
> So my code works just fine /without/ the security-constraint defined.
>
> My question is this:  What do I need to do to get the parameter to be
> passed to my ParameterTest servlet with the security-constraint
> defined?  I need security to work here.
>
> Thanks,
>
> --
> John Wallace | Java / Web Developer
> jwallace@anode.com http://anode.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


--
Marc Farrow
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message