Tomcat security: Page Expired. I do want my JSPs to cache. How?

Similar Messages

• Can't read pages in ff4, I want firefox 3.6 baack, how do I get it?

  I upgraded to Firefox 4 and it shrunk the print on my pages where I cannot read it. Two minutes earlier it was fine with firefox 3.6 so give me back 3.6. I didn't see anything in 4 I gave a crap about just clutter and garbage so I want my old firefox back.

  try this:
  go to TOOLS then OPTIONS then ADVANCE then in UPDATE session go to AUTOMATICALLY CHECK FOR UPDATE TO and '''untick''' FIREFOX then go to WHEN UPDATES TO FIREFOX ARE FOUND and '''untick '''AUTOMATICALLY DOWNLOAD AND INSTALL THE UPDATE press OK to save changes. Restart firefox.
  thank you
  If this reply solves your problem, please click "Solved It" next to this reply to close the topic.

• SSRS report security by expiring its session

  Hello all,
  We are using SSRS 2008 r2 for Reporting as its financial services company so, too much scope for reporting .
  Here, i am facing some problems let to security when users opens report and forget to close anymore report still stay opens for a hours i get suggest that to expired session for report after 10 minutes . How to achieve this please help.
  also ,  instead of login to application users are opening report from browser history .
  Dilip Patil..

  Hi Dilip,
  According to your description, you have reports which can be accessed by a lot users. Now you want to expire the session 10 minutes after the user has no operation on the page. Right?
  In this scenario, we can embed javascript code in the report page. Keep the page monitoring the event on page. If there's no mouse click/move, key press event for 10 minute, it will redirect/close the page. Please go to the Report.aspx file, it locates at
  C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportManager\Pages. Embed the code below:
  <script type="text/javascript">
  var load_time = null;
  var down_time = null;
  function window.onload(){
  flag = false;
  load_time = setTimeout(function(){
  location.href("http://server name/Reports/Pages/Folder.aspx");
  },600000);
  function clear(){
  clearInterval(load_time);
  if(null != down_time){
  clearInterval(down_time);
  down_time = setTimeout(function(){
  location.href("http://server name/Reports/Pages/Folder.aspx");
  },600000);
  function document.onmousemove(){
  clear();
  function document.onmousedown(){
  clear();
  function document.onkeypress(){
  clear();
  </script>
  Then the report will redirect to the Report Manager page if it's timeout.
  If you have any question, please feel free to ask.
  Best Regards,
  Simon Hou

• CUCM - Tomcat.der certificate expired

   I got an RTMT alert related to tomcat.der certificate expired.
   At Mon Aug 04 21:00:16 CDT 2014 on node 10.203.12.10, the following SyslogSeverityMatchFound events generated: 
  SeverityMatch : Critical
  MatchedEvent : Aug  4 21:00:01 CUCM01 local7 2 : 195: CUCM01.TEST.COM: Aug 05 2014 02:00:01.21 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:tomcat.der Unit:tomcat Type:own-cert Expiration:Wed Aug 6 14:42:00:000 CDT ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CUCM01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID : 
  NodeID : CUCM01
   Could you please help me how to solve this problem.
  Regards
  Sathya

  How can I find whether the previous certificate is self signed or not.
  Two methods:
  1 - Go to OS Administration ( https://SERVER/cmplatform/ )  and login. (Remember, this is the operating system ID and password and NOT the ID/Password you use to login to ccmadmin with.) Go to Security -> Certificate Management and click find. This will list all your certificates. The tomcat one is usually at the top. The right hand column will tell you if it's self-signed or not.
  2 - Go to https://SERVER/cmplatform (no need to login) and click on the padlock to examine the certificate.
  whether the new certificate can be upload after the previous certificate is expired, will there be any problem.
  You can replace a certificate any time you want. You don't have to replace an expired certificate - but it's good practise too. (And it stops those annoying emails too!)
  Any services or server needs to be rebooted.
  For the Tomcat certificate, you have to restart the Tomcat service. This can only be done from the server CLI. So either login to the console, or SSH in (again, with the operating system ID & password) and type the command "utils service restart Cisco Tomcat" (NOTE: This is CaSe SeNsItIvE) Whilst this is restarting, all the web apps (ccmadmin, cmplatform, etc.) will be offline.
  How can we verify whether the certificates are proper.
  Not sure what you mean by this. If you mean: "How can I be sure the server is using the new certificate?" go to https://SERVER/ccmadmin and in your browser click the padlock to examine the certificate. HINT: You *may* have to restart your browser for it to notice the certificate change.
  GTG

• Flash Player 10 and secure pages

  Is anybody having problems viewing Flash files in Flash Player 10 over secure connections? I signed up for a website, and their login is secure, which is fine with me. Thing is, once I get into their members area, all of the Flash just stops working and some even flat out disappears. I complained at them about it, but they told me that it is my browser and not their website (how typical.) I've tried it in IE 8, FF2/FF3 on PC, and FF2, Safari on Mac, but the result is still the same. I think they have the problem because I can reproduce it on all of the computers at my house, but they say it is me. So, who is right? Me or them?

  We have the problem in all browsers on all platforms. I should note, however, that we have the problem with Flash Video and not any other Flash objects.
  We're hosted on a Windows 2003 server, and to the best of my ability to look at the IIS configurations we don't have any content expirations set at all. I've looked at the headers sent to the client and none of them relate to expiration of content. For now, we've just decided that if our client wants secure pages, they don't get Flash videos and that is all there is to it. Of course, this will last about as long as them not signing the contract, so we're still looking. There's got to be a solution to this somewhere, but nobody seems willing to post it.

• Tomcat 6 – Calling a  Java Servlet from a JSP Page

  Below is a very simple JSP Page that calls a Java Servlet. The question is given Tomcat security constraints, is it possible to call a servlet from a JSP and get the correct output without getting an error message? If so, how would you code the web.xml file?
  c:\apache-tomcat-6.0.18
  Under conf
  catalina
  localhost
  HelloWorldExample.xml is directly under localhost
  The application would have this directory structure:
  webapps
  HelloWorldExample
  hello.jsp is directly under HelloWorldExample
  Under HelloWorldExample
  src
  WEB-INF
  classes
  Under classes
  jservlets
  HelloWorld.java is in src folder
  HelloWorld.class is in jservlets folder
  HelloWorldExample.xml
  <Context path="/HelloWorldExample" docBase="HelloWorldExample" debug="0"
        reloadable="true" crossContext="true">    
  </Context>**************************
  hello.jsp
  <HTML>
  <HEAD>
  <TITLE>Hello</TITLE>
  </HEAD>
  <BODY>
  <FONT SIZE="4">
  <P>
  Please enter your name:
  <FORM 
     METHOD="Post"
     ACTION="servlet/jservlets.HelloWorld">
  <TABLE BORDER="3" CELLPADDING="1" WIDTH="100%" ALIGN="CENTER">
  <TR>
      <TD><B>Name:</B></TD>
      <TD><INPUT TYPE="text" NAME="Name" VALUE="" SIZE="65"> </TD>      
  </TR>
  </TABLE>
  <P>
  <INPUT TYPE="SUBMIT" VALUE="Submit">
  </FORM>
  </FONT>
  </BODY>
  </HTML>******************
  HelloWorld.java
  package jservlets;
  import java.io.*;
  import java.util.Date;
  import java.util.*;
  import java.text.*;
  import java.sql.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class HelloWorld extends HttpServlet
     PrintWriter out;
     PrintWriter err; 
     String strName;
  public void displayMessage(HttpServletRequest request, HttpServletResponse response)
        throws Exception
           try
              if (!strName.equals("") && strName != null)
                 out.println("Hello " + strName + "" + "<P>");
                  out.println("Hello World" + "<P>");
              else
                  out.println("Hello World" + "<P>");
          catch (Exception e)
              out.println("Exception: Could not display message." + "<P>");
              err.println (e.getMessage () ) ;
              out.println("<P>");
  public void doPost(HttpServletRequest request, HttpServletResponse response)
             throws ServletException, IOException
        try
             response.setContentType("text/html"); 
             out = response.getWriter();
             err = response.getWriter();
             strName = request.getParameter("Name").trim();
             out.println("<html><head><title>");        
            out.println("</title></head><body>");
             out.println("<FORM");
             out.println("METHOD=POST");
             out.println("ACTION=http://localhost:8080/HelloWorldExample/hello.jsp>");
           out.println("<TABLE ALIGN='RIGHT'>");
           out.println("<TR>");
           out.println("<TD>");          
             out.println("<INPUT TYPE=\"SUBMIT\" VALUE=\"Hello World Page\";>");
             out.println("</INPUT>");
            out.println("</TD>");
           out.println("</TR>");
           out.println("</TABLE>");
           out.println("</FORM>");
           out.println("<BR CLEAR='all'>");
             out.println("<P>");        
             displayMessage(request, response);
             out.close();
           out.println("</body></html>");               
         catch(Throwable e)
            e.printStackTrace();
        public void doGet(HttpServletRequest request, HttpServletResponse response)
           throws ServletException, IOException
           doPost(request, response);
  web.xml
  <servlet>
        <servlet-name>HelloWorld</servlet-name>
        <servlet-class>jservlets.HelloWorld</servlet-class>
  </servlet>  
  <servlet-mapping>
          <servlet-name>HelloWorld</servlet-name>
          <url-pattern>/servlet/HelloWorld</url-pattern>
  </servlet-mapping>      ******************************
  HelloWorld.java can be compiled by using javac.
  Once compiled, HelloWorld.class would be moved to the jservlets folder.
  FYI, coding the above url-pattern results in:
  HTTP Status 404
  The requested resource (/HelloWorldExample/servlet/jservlets.HelloWorld) is not available
  The following url-pattern in the web.xml file permits the servlet to be executed but results in a null pointer exception:
  <servlet-mapping>
          <servlet-name>HelloWorld</servlet-name>
          <url-pattern>/ </url-pattern>
  </servlet-mapping>      **************************************************
  Robin

  This problem was resolved.
  In hello.jsp
  ACTION="servlet/jservlets.HelloWorld">
  was replaced with
  ACTION="servlet/HelloWorld">
  Robin

• Why would Safari try to insert an s, as in https, into the facebook log in.  Safari won't open the secure page. Advice?

  Why would Safari try to insert an s, as in https, into the facebook log-in page.  "Safari can't connect to this secure page."  I've checked preferences and cannot find a reason for this change to the regular facebook address. Safari 5.0.5 on MacbookAir.  I can't even download the updated software.

  If you leave your session idle for a while, the site might log you out due to inactivity, but... I wouldn't trust that, either.
  Usually your bank will have a link, menu, or some other way to log out. Certainly that is the best thing if you can do it. Sometimes if a site is not fully compatible with Firefox its style rules will result in a jumbled layout. You can disable all the style rules and view the site in a plainer layout to see whether you can spot the missing link. To do that:
  tap the Alt key > View menu > Page Style > No Style
  (The tab will remain unstyled going forward. You can use the same menu to reapply the page's style sheets later.)
  Also, if you want to break the connection between Firefox and your banking session, you can clear your cookies for the bank site. This won't necessarily have any effect on your banking session ''on the server'' but should make it impossible for someone to use your Firefox to do anything in that session. To clear cookies for the current site, you can use the Page Info dialog. Here are 3 ways to open it:
  * right-click and choose View Page Info > Security > "View Cookies"
  * Alt+t (open the classic Tools menu) > Page Info > Security > "View Cookies"
  * click the padlock on the address bar > More Information > "View Cookies"
  In the dialog that opens, you can remove the site's cookies individually.
  Then reload the page and the site should behave as though you are not logged in.

• Why are security issues at bottom of security page

  When first using firefox noticed at bottom of security page several security issues.

  I'm pretty sure you want the iTunes support forum here:
  https://discussions.apple.com/community/itunes
  This is for iTunes U (iTunes for Universities).

• Self secured page not working in multiple sessions of same browser

  Hi
  I have created a selfsecured page by making security mode of page 'selfsecured' and adding validateParameter() in page controller.I didnt do guest user/resp setup as I want user to manually provide user id and choose responsibility,XLA_LINESINQ_GL_DRILLDOWN is a seeded function so no changes there.
  I am seeing very inconsistent behavior.
  1)At some times when I invoke function through url
  http://rws60180rems.us.oracle.com:8049/OA_HTML/RF.jsp?function_id=XLA_LINESINQ_GL_DRILLDOWN&jeHeaderId=64524&jeLineNum=1&jeSource=Payables&searchType=customize
  I get error "You are not authorized to access the function SLA: View Subledger Journal Entry Linesfrom a GL Journal Line. Please contact your System Administrator."
  2)On other times url works and user is taken to Ebs R12 login page,after providing login credentials user is able to view the page.But If I invoke same url or url with different parameters in different tab of browser or different window of same browser,get following error.Basically user can invoke this function and use this url only one at a time which is not practical in real world
  "You are trying to access a page that is no longer active.
  - You may have attempted to access to this page directly by bookmarking the page or copying the URL. This page does not support bookmarking.
  - The referring page may have come from a previous session. Please select Home to proceed."
  Am I missing something in my implementation?Are there any fnd profiles which control page behavior.Does OAF support that self secured pages successfully open in multiple browser windows.
  Preeti

  Hi,
  Is there any specific requirement to make the page as self secured, as most of the self selcured pages are build for guest user account. If there is any, kindly share.
  Now lets talk about the behaviour of the pages in different scenarios
  1) I get error "You are not authorized to access the function SLA: View Subledger Journal Entry Linesfrom a GL Journal Line. Please contact your System Administrator."
  Comment: As OAF pages does certain initialization like setting org_id, language etc based on the login user. But as you are trying to access the page by directly hitting the URL on browser, this might be one of the reason that you are getting above error.
  2) On other times url works and user is taken to Ebs R12 login page,after providing login credentials user is able to view the page.But If I invoke same url or url with different parameters in different tab of browser or different window of same browser,get following error.Basically user can invoke this function and use this url only one at a time which is not practical in real world
  Comment: As there is an active transaction and session for the browser, so it won't allow you to start with another transaction. But still can you try to do the same in another machine. Some of the browser allows you to have different session.
  Regards,
  Gyan

• FLASH CMS websites - secured pages

  Hi,
  I’m looking for a way to build FLASH websites, which the user will be able to edit and control its content himself. You know, a CMS website, but then totally build in FLASH. I already started Googling on this a bit and came across these 2 things
  -          www.flashcontentmanager.com
  -          www.flashloaded.com/flashcomponents/fcmspro/
  especially that last one looks interesting, but it does cost a 300 dollars for 1 website, which maybe isn’t that expensive, given it’s apparent completeness and easy to use interface, but I still want to explore other potential possibilities.
  What is needed on the website, is the possibility to add text, pictures , videos and extra pages by the user himself. Also, and maybe this is the most important / difficult, there has to be the possibility to make secured pages where the client can view his pictures without downloading them à the man that’s needs this website is a photographer that wants to offer his albums to the respective client for which he made the pictures, online. 1 client should be able to watch his pictures on 1 secured page of the site, another client should be able to watch his pics on another secured page of the site, without being able to download them... I hope you know what I mean, I’m sure you know what I mean.
  I believe this is possible with FCMSPRO on the flashloaded website (between the keyfeatures list on the website I see: ‘Allows for multiple users with different file upload permissions’ – so I assume that the man will be able to provide costumers a password with which they can watch their pics online, without down- or uploading something themselves?)
  Is there someone that can help me on this? Is there anyone that has had some experience with FCMSPRO, Flashcontentmanager or other CMS systems already? I’m curious if I’m going to get out of this. If it will be worth deepening myself in this, or if it will be best to tell the photographer to find someone else for this job.
  Thanks

  The method i showed above does have a front end and a back end. The code i posted above would be part of the image module in the back end for deleting images.
  1. You don't put images and files in the database, you create an uploader that uploads the files (pictures, whatever) onto the server and then writes an entry into the database telling it where the picture is stored, what the name of the file is, what type it is, whatever you need. Then when your website connects to the database and downloads the info and stuffs it into arrays, it iterates through the photo array and downloads the photos as needed using the URL you stored.
  2. Loading into the database is covered with the above tutorial but i'll post my database retrieval code anyway.
  This connects to a database and stuffs each column of a database into an Array. Then if i wanted to actually download the photos i mentioned by the urls just retrieved i'd use:
  3. Some people put them in seperate swfs at password protected URLs because its more secure but you don't necessarily have to.
  flash CMS isn't well covered, i spent a long time looking for tutorials and i definitely didnt find any that worked well. If you're still working through the basics like AS3 tweens, loaders, and loops, then you're going to want to figure those out first. Those are supported well online, though.
  Finally, here's a good example of some flash CMS: http://group94.com/#/flash94/
  Good luck.
  EDIT: Sorry for retracting my code, the client i did it for wasn't happy.

• Hi. My warranty expired on my iTouch 4G and I want to renew it. How do I renew it?

  Hi. My warranty expired on my iTouch 4G and I want to renew it. How do I renew it?

  They need to change it. Updating mine to iOS 6 "broke" it. It only goes to the "Connect to iTunes" page, but iTunes doesn't even read the iPod anymore. I have to get a new one.

• Self secure page always displaing Login User Name as GUEST

  Hi,
  We need a self secure page which doesn't prompt for oracle username and password in OAF
  We devloped such page in OAF but every time it is displaying Login User Name As Guest.
  By using below site i did developed self secure page
  https://blogs.oracle.com/manojmadhusoodanan/entry/self_secured_page_creation_in
  I want to find out my OSUSER Name from OAF .my requiremnet is based on login user i need to restrisct or display data on page.
  If i execute below query from database is giving my OSUSER name but same is giving Server name if i execute same sql through OAF.
  SELECT sys_context('USERENV', 'OS_USER') BUN FROM dual;
  SYS_CONTEXT('USERENV','OS_USER')         IN OAF   ------------  oracusd(Server name)
  prkaduri
  Please guide me on this .Its very urgent requiremnet.
  Regards
  Panduranga reddy

  If you are using BIP11g and using the default installation then BIP11g security mode is set to Fusion Middleware.
  All users and groups are controlled by Fusion Middleware Security.
  Any authenticated user will be able to run reports as in former BIP releases "guest".
  But also noticed the authenticated user will also have a privilege you want to remove
  as for example permission to delete report.
  Take a look at this link:
  http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10543/authentication.htm
  Cheers
  Jorge
  p.s
  1. In 11g you will have to read a lot before you can properly use the software, sorry.
  2. If this answers your question please grant the points and close the thread
  Edited by: Jorge Anicama on Mar 23, 2011 10:15 AM

• Locking/password securing pages documents

  Is there a way to lock or password secure pages documents? I am starting to journal in pages and I'd like to keep the files private. I know there's a way to restrict privileges for other user accounts but I'd like to be able to password secure the file on my account as well. Is there a way pages would allow me to do that?

  passing a record id in the url is not a problem as long as
  you use
  <cfqueryparam> in your queries to prevent sql injection
  attacks. passing
  sensitive info in url (usernames, passwords) is not a good
  idea at all.
  you may also want to set the scriptprotect attribute of
  <cfapplication>
  tag in your Application.cfm to appropriate value ("all" is
  good).
  on your hosting server they should have robust error
  reporting turned
  off - if they don't consider finding another host...
  Azadi Saryev
  Sabai-dee.com
  http://www.sabai-dee.com

• Where is the lock symbol that tells me I am on a secure page in Firefox 5.0

  I just recently upgraded to Firefox 5.0. The old version had a little lock in the bottom right hand corner that signified that I was on a secure page (for banking, shopping checkout, etc). I do not know where to check on the page of this new version to be sure that I am on a secure page before entering the required checkout info.
  Thanks for your help.

  The padlock only shows that there is a secure connection and doesn't guarantee that you are connected to the right server. So you might still be connected to the wrong server if you make a typo in the URL and someone has claimed that mistyped URL. The functionality of the padlock has been replaced by the Site Identity Button on the left end of the location (address) bar.
  https://support.mozilla.com/en-US/kb/Site+Identity+Button
  http://www.mozilla.com/en-US/firefox/security/identity/
  This has actually existed since Firefox 3.0
  If you still want a padlock icon also then
  https://addons.mozilla.org/en-US/firefox/addon/padlock-icon/

• While on my td bank secure site i log off then press the back arrow my secure page that i closed opens up.when i use internet explorer the same page doesnt sho

  when i log off my td bank secure account page with the td log off botton i get a new td page. if i press the back arrow on the address bar the secure page i just closed pops up. when i do the same witn onternet explorer a generic td bank page home page pops up NEVER an account page with secure info shown. when this happens every time i dont know if i have logged off the secure page. i close my online browser[now firefox] to be sure the connection is broken but is the secure page open to any kind of breach? i am using firefox due to concern about intternet explore but i know on explorer when i log off td bank secure page i was on i can not access that page again unlees i login ,on firefox i press back arrow on address bar and the secure page i logged off shows up.i feel this is an important issue and must be addressed. thank you

  Hi grdy83,
  What are your cookie settings?
  *[[Enable and disable cookies that websites use to track your preferences]]
  *[[Permissions Manager - Give certain websites the ability to store passwords, set cookies and more]]
  You can delete all history when you exit Firefox, but it seems odd that a secure page that should expire is still accessible. It may be a timed expiration, but check the third party cookie settings to make sure it is not allowed to be saved.
  I hope this helps prevent this from happening again.