tomcat security

We migrated our application from JBoss 5 to JBoss6 and one of the main reasons for this is to make use of the new features of servlet 3.0.…

I am deploying multiple webapps on tomcat6. Each webapp has its own SQLite database (which is under WEB-INF/). I have security manager enabled for…

In my webapp which is deployed on tomcat6.0.29 I have given <security-constraint>…

I have two Web Services (MyService and MyProtectedService). I want both going under the same port HTTPS but only the protected one to have client…

i am using tomcat security enabled server, and hibernate3 with c3p0 and here is my policies in catalina.policy (i found these lines on the net and…

We are currently using tomcat 5.5 and would like to add a salt to our JDBCRealm authentication. I was wondering if there was any existing classes or…

The hosting company changed their services to tomcat 7 with security manager, and from that time on I am getting this exception every time my…

Hi, i m using HTTP Digest to connect to my Spring application, using the Spring DigestAuthenticationFilter. The application is using Tomcat 7. It…

Since our shared hosting server doesn't allow us to setup Tomcat I decided to install it on our local machine. The local Tomcat server allows us to…

The error: on the ssl handshake with the ssl server. After: client hello, server hello, certificate, server key exchange and server hello done. The…

The Seam documentation would have you believe that if you define a property in web.xml, or through a -D argument, it will find it and automatically…

Hi all, I have two webapps that will both be sitting on the same domain/tomcat application server, just in different context paths. (e.g.…

Hi, My WebApp uses a Connector for 2-Way SSL (aka "Client Authentication"): <Connector port="8084" SSLEnabled="true" maxThreads="10"…

In our logs we're seeing credit-card numbers due to people hitting some of the ULRs in our app with CC info (I have no idea why they are doing…

Hi, i have generated certificate using Bouncy Castle library, my sample code is as below, String domainName ="localhost"; String certPath…

I'm working on a web site and I plan to use strictly OAuth in for user authentication. I've never implemented session management/user authentication…

Yandex.ru spiders are known of disobeying robots.txt. In Apache, you can disable yandex in htaccess file. How can I do the same thing with Tomcat?…

hi all this is what we need for our SOLR instance 1) all urls except for select need ip as well as password restrictions 2) select url can be…

Our customer has a problem with database information in plaintext within a server.xml or context.xml file on the Tomcat server. I've looked at…

Our use-case requires validating certificate revocation via OCSP on a PKIX set-up. My starting point was the code at this related question: OCSP…