tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Server returned HTTP response code: 408 for URL: https...j_security_check
Date Wed, 24 Dec 2008 00:35:51 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To whom it may concern,

(Can you set your name in your email client? It's irritating to write to
an email address that doesn't indicate a name. You also don't include
your name in your posts.)

removeps-groups@yahoo.com wrote:
>          URL url = new URL("https://localhost:6143/mywebservice/action/j_security_check");
>          HttpURLConnection connection = (HttpURLConnection) url.openConnection();
>          connection.setRequestMethod("POST");

As Chuck pointed out (without saying it explicitly), Tomcat does not
allow drive-by logins. If you need this feature, you will have to either
hack Tomcat or use a separate tool.

Securityfilter (http://securityfilter.sourceforge.net) is a replacement
for container-based authentication and authorization and allows you to
do drive-by logins if you wish (that is, POST directly to
j_security_check with a username and password).

In any case, you'll have to do JSESSIONID management yourself on the
client, either by reading the JSESSIONID cookie, or sniffing the
"jsessionid" request parameter returned in redirect URLs provided by the
server. I recommend the cookie option.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklRg+cACgkQ9CaO5/Lv0PAL7gCeP+Ju7YO/f4bydl93c05OWPtU
JOoAnRcadfJf74VaVS5Nk7Dy57c3UcfS
=oKSE
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message