06:20.00 | reisi | any ideas why will my WAR run nicely using maven goal 'tomcat7:run' but when i try the same through a forked integration test execution, it cannot resolve any of my classes? (custom ServletContextListener fails ClassNotFoundException, and spring cannot read any of my configuration files) |
06:25.47 | stroodlepup | hi |
06:52.00 | reisi | apparently it was https://issues.apache.org/jira/browse/MTOMCAT-173 |
06:52.30 | reisi | i wonder how come that bug hasn't warranted a 2.0.1, can't imagine which kind of launches would be possible without that bug affecting.. |
06:56.32 | stroodlepup | has anyone ever had the idea of changing the design of the tomcat webpage? |
06:57.59 | stroodlepup | i know it's a bit unnecessary but it is much more encouraging to have your site look awesome :) |
14:48.18 | geek_cl | i can't get my host-manager & manager work on my tomcat6 ? host-manager is not available anymore ? |
18:52.41 | raijin | so yea, running Tomcat/6.0.36, 1.7.0_09-b30 Oracle JDK, and my system is as follows |
18:52.48 | raijin | System: Host silmaril Kernel 3.6.9-1-ck x86_64 (64 bit) Distro Arch Linux |
18:53.10 | raijin | tomcat is dying because of permissions issues in re a webapp (libreplan) |
18:53.18 | raijin | andy guidance would be much appreciated |
18:53.25 | raijin | any* |
19:17.39 | tcmarsh | (TC 7.0.29, Sun JDK/Java SE 1.6.0.30, Windows XP Professional 2002 SP 3) & (TC 7.0.27, OpenJDK 1.6.0.24 64-Bit Server VM, CentOS Linux Kernel 2.6.32-220.17.1.el6.x86_64) |
19:17.57 | tcmarsh | The first setup is the one I'm actually running a debugger on to view the info, but the same behavior has been observed on both. |
19:19.51 | tcmarsh | A previous group decided to use ThreadLocal to preserve state for use in some DB logic, so the current user has some information saved in a ThreadLocal variable. When a new user logs on, at certain points this ThreadLocal variable is being set to the information from the user that just logged on. |
19:20.48 | whartung | you don't want to use ThreadLocal for anything outside of the scope of a single request tcmarsh |
19:20.53 | tcmarsh | Apparently this only happens when the call back to the server is done via AJAX (specifically DWR, but observed in other AJAX methods as well, I have only been tracking values through the DWR to this point, however). |
19:22.35 | tcmarsh | So, the use of ThreadLocal is a concern, and I've told all other developers simply not to use that variable, but this is kind of an informational question for me. There is a filter set up that sets the ThreadLocal information from a session scope variable, but that is obviously not being set when the DWR is called. |
19:24.11 | tcmarsh | Does anyone know what the difference between the AJAX request and a standard full page request would be as far as the filter behavior goes? As in, why is a request from a separate machine and/or browser changing ThreadLocal for the AJAX request sent from the page? |
19:24.38 | tcmarsh | Thanks for the quick response whartung. I know that, and I'm not using it in my code. |
19:32.02 | whartung | Tomcat doesn't know the difference between a JSP, HTML, or AJAX. |
19:32.05 | whartung | A request is a request |
19:32.19 | whartung | and so that points to your filter mapping, and ensure that it has the proper coverage |
21:10.53 | droope | Hey there! I have a question. I have an application, and it uses a tomcat REALM for authentication. The requirements for the app I am trying to build, however, specify that I verify the users' password before allowing him to do some specially delicate operations. I was wondering how to achieve that. The realm in question is a CombinedRealm with mainly a JNDIRealm and a fallback DatabaseRealm |
21:14.10 | droope | Oh, I am using tomcat 7.xx, running it on Ubuntu for dev, and I use Java 1.6, but I don't really know that much about java eh :P sorry if I get anything wrong |
21:18.20 | whartung | droope: Using a realm in Tomcat is using what's known as "Container Security", because the authentication is managed by the container (Tomcat) vs your application. This is managed through your web.xml and using the security-constraint element |
21:18.51 | whartung | The constraint is based on URL (or parts of URL, notably branches of the URI space, like /docs/secure/*) |
21:19.39 | whartung | These might help: https://blogs.oracle.com/SureshMandalapu/entry/servlet_security_securing_web_applications and https://blogs.oracle.com/SureshMandalapu/entry/declarative_compared_to_programmatic_security |
21:20.31 | droope | hey whartung thanks for the answer |
21:20.37 | whartung | de nada |
21:20.47 | droope | hablas castellano? :P |
21:20.55 | whartung | nein :) |
21:21.00 | droope | Ahh OK :P |
21:21.48 | whartung | I had to look that up :) |
21:22.47 | droope | I'll give those a look right now. The thing is I really need to verify the user's password. The use case is that when an admin logs in, he has the possibility of shutting down the automation on a system we are building, and it would be necessary for security for him to verify his password just to check it's not a disgruntled employee that did it while he was away of the desk, pretty much like how banks ask for your password to be veri |
21:22.53 | droope | Ouch, long rant. |
21:24.32 | whartung | basically you assign a role to a chunk of URL space (like /docs/secure/*), and then you assign roles to users (via Tomcat/ the realm), then when the user is logged in, the user has the roles associated with them, then the container lets them in to areas where they have an appropriate role. |
21:25.09 | whartung | There's nothing stopping you from securing the /* space, save you need to open a little bit up just so they can get the login form (so it's best to do some partitioning) |
21:25.24 | whartung | like most folks don't want the CSS and JS and GIF secured, etc. |
21:26.00 | droope | yeap, yeap, already got that set up |
21:26.01 | whartung | so you can have index.html that every one can see, and then you can place your servlets and such at /secure/myservlet |
21:26.12 | droope | Yeah, done! |
21:26.14 | whartung | and just secure every thing underneath that |
21:26.35 | droope | I have everything locked out with the JNDIRealm except for the /static/* folder |
21:26.39 | whartung | it's all done through the web.xml, and it will flummox and frustrate you since it will either work, or it won't :) |
21:26.52 | droope | :P |
21:28.12 | droope | Yeah, the thing is, I need to, after the user has already logged-in, check the password again |
21:28.23 | whartung | no, you don't |
21:28.34 | whartung | all you need to do is check that they have the proper role |
21:28.35 | whartung | that is |
21:28.36 | whartung | unless |
21:28.44 | whartung | you want logged in people to validate a second time |
21:28.58 | whartung | "do you really want to do this? Enter password: …." |
21:29.27 | droope | yeah, exactly that! |
21:29.36 | whartung | in that case |
21:29.36 | droope | look what I found: http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String, java.lang.String) |
21:30.08 | whartung | yea, that's a new part of the programmatic login in Servlet 3 -- I've not had much experience with that. |
21:30.17 | whartung | that may well work great for you |
21:30.19 | whartung | old school |
21:30.26 | whartung | you would use a JDBC realm |
21:30.37 | whartung | and simply reference the same authority tables in the DB as the realm does |
21:32.45 | droope | whartung: yeah, just contact the JNDI in my case? |
21:34.26 | droope | whartung: Tomcat 7 should support that, right? |
21:34.38 | droope | the login mechanism, I mean |
21:36.26 | whartung | I'm not familiar with the JNDI realm and how it works. You can probably just look at the source of it to figure out how to do the query yourself, you probably can't easily call the JNDI realm directly. |
21:36.41 | whartung | But try thine login routine. |
21:36.45 | whartung | see if that works for you |
21:37.17 | whartung | be careful that it doesn't "log you out" if it fails…I don't know how much it sets up or tears down for you |
21:37.22 | whartung | i.e. |
21:37.55 | whartung | if you try HttpServletRequest.login and the login fails, does it grenade your entire session -- it very well may (which may not be a bad thing, just saying...) |
22:17.36 | droope | whartung: that didn't work, I get a cannot find symbol login, which I am taking to be a sign from the above not to use cutting edge weird stuff. |
22:18.03 | droope | Will look into the JNDIRealm's source, see if there's anything I can use. |
23:37.45 | droope | F*, might have to parse the server.xml to get the necessary realms, instantiate them and merge them together in order to get access to the authenticate method |
23:39.01 | droope | tho this might be better https://wiki.apache.org/tomcat/HowTo#How_do_I_get_direct_access_to_a_Tomcat_Realm.3F |
23:45.10 | whartung | I'd just copy the code... |
23:45.15 | whartung | and do it myself, but that's e |
23:45.16 | whartung | me |