Skip to main content

Home/ SoftwareEngineering/ Group items matching "web" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Session Management Cheat Sheet - OWASP - 0 views

www.owasp.org/...Session_Management_Cheat_Sheet

OWASP BestPractices CheatSheet SessionManagement

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • ...50 more annotations...
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or viceversa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a
  • persistent cookie
  • and will be stored on disk by the web browser based until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
kuni katsuya

Fiddler Web Debugger - Configuring clients - 0 views

www.fiddler2.com/...hookup.asp

https debug SSL ManInTheMiddle Fiddler proxy

shared by kuni katsuya on 20 Feb 13 - No Cached
  • Debug traffic from another machine (even a device or Unix box)
  • Allow remote clients to connect
  • kuni katsuya on 20 Feb 13
     
    "HTTP application to use Fiddler? You can either directly configure the WinHTTP application to point to Fiddler, in code, or you can use the following command at the command prompt to tell WinHTTP to use Fiddler: On XP or below: proxycfg -p http=127.0.0.1:8888;https=127.0.0.1:8888 ...or this one to force WinHTTP to use WinINET's proxy settings: proxycfg -u On Vista or above, use an Elevated (admin) command prompt: netsh winhttp set proxy 127.0.0.1:8888 Note: On Windows 7 and earlier, netsh is bitness specific, so you may want to run the above command twice: first using the 32bit NETSH and then using the 64bit NETSH. This blog has more information. This issue was fixed in Windows 8; you can call either NetSh just once to set the proxy for both 32bit and 64bit WinHTTP hosts. Capture traffic from a different account, like ASP.NET on IIS or from a Windows Service? Trying to capture SOAP calls coming from ASP.NET or some background service process?  By default, Fiddler registers as the proxy only for the current user account (ASP.NET runs in a different user account). To get a background process (like the ASP.NET or IIS process) to use Fiddler, you must configure that process to use Fiddler. Typically, this is done by editing web.config or machine.config for the ASP.NET installation, or the configuration for the code running within the Windows Service. Please see http://msdn.microsoft.com/en-us/magazine/cc300743.aspx#S4 or the section on .NET or WinHTTP, depending on which network stack the service is using. Configure Windows Phone 7 to use Fiddler? Please see http://blogs.msdn.com/b/fiddler/archive/2011/01/09/debugging-windows-phone-7-device-traffic-with-fiddler.aspx for actual device hardware, or http://blogs.msdn.com/b/fiddler/archive/2010/10/15/fiddler-and-the-windows-phone-emulator.aspx for the emulator. Configure Google Nexus 7 (Andoid 4.1 Jellybean) to use Fiddler? Please see this page. Configure Android Emulator to use Fiddler? Please see http://au
kuni katsuya

Chapter 3. Project Setup - 0 views

www.graniteds.org/...graniteds.projectsetup.html

graniteds project configuration

shared by kuni katsuya on 08 Aug 12 - No Cached
  • The configuration of a GraniteDS project will generally involve the following steps : Add the GraniteDS jars to the WEB-INF/lib folder of the WAR file or the lib folder of the EAR file Add the GraniteDS listener, servlets and filters in the standard WEB-INF/WEB.xml configuration file Define the internal configuration of GraniteDS in the WEB-INF/granite/granite-config.xml file Define the application configuration of GraniteDS (remoting destinations, messaging topics...) in the WEB-INF/flex/services-config.xml
  • You will always need granite.jar
  • jar for your JPA provider (granite-hibernate.jar for Hibernate)
  • ...11 more annotations...
  • granite-beanvalidation.jar if you want to benefit from the integration with the Bean Validation API
  • configuration file declares 3 differents things
  • Channel endpoint
  • Service factories
  • Service/destinations
  • destinations using this factory will route incoming remote calls to EJB 3
  • endpoint
  • factory 
  • destination
  • channel 
  • factory
kuni katsuya

Plugins - Jenkins - Jenkins Wiki - 0 views

wiki.jenkins-ci.org/...Plugins

jenkins continuousintegration ci plugin hudson

shared by kuni katsuya on 07 Jun 12 - No Cached
  • Git Plugin — This plugin allows use of Git as a build SCM
  • Subversion Plugin — This plugin adds the Subversion support (via SVNKit) to Jenkins
  • Subversion Release Manager — This plugin allows you to set up a job in Hudson for building specific revisions of a project.
  • ...77 more annotations...
  • Subversion Tagging Plugin — This plugin automatically performs subversion tagging (technically speaking svn copy) on successful build.
  • ViewVC Plugin — This plugin integrates ViewVC browser interface for CVS and Subversion with Hudson.
  • Source code management
  • Build Pipeline Plugin — This plugin creates a pipeline of Hudson\Jenkins jobs and gives a view so that you can visualise it.
  • Build tools
  • JBoss Management Plugin — This plugin allows to manage a JBoss Application Server during build procedure
  • Maven 2 Project Plugin — Jenkin's Maven 2 project type
  • Phing Plugin — This plugin allows you to use Phing to build PHP projects.
  • Post build task — This plugin allows the user to execute a shell/batch task depending on the build log output. Java regular expression are allowed.
  • Promoted Builds Plugin — This plugin allows you to distinguish good builds from bad builds by introducing the notion of 'promotion'.
  • Publish Over SSH Plugin — Publish files and/or execute commands over SSH (SCP using SFTP)
  • Selenium AES Plugin — This plugin is for continuous regression test by Selenium Auto Exec Server (AES).
  • Vagrant Plugin — This plugin allows booting of Vagrant virtual machines, provisioning them and also executing scripts inside of them
  • Unicorn Validation Plugin — This plugin uses W3C's Unified Validator, which helps improve the quality of Web pages by performing a variety of checks.
  • Build wrappers
  • Android Emulator Plugin — Lets you automatically generate, launch and interact with an Android emulator during a build, with the emulator logs being captured as artifacts.
  • Artifactory Plugin — This plugin allows deploying Maven 2, Maven 3, Ivy and Gradle artifacts and build info to the Artifactory artifacts manager.
  • AWS Cloudformation Plugin — A plugin that allows for the creation of cloud formation stacks before running the build and the deletion of them after the build is completed.
  • Build Keeper Plugin — Select a policy for automatically marking builds as "keep forever" to enable long term analysis trending when discarding old builds - or use to protect logs and artifacts from certain builds
  • Build Name Setter Plugin — This plugin sets the display name of a build to something other than #1, #2, #3, ...
  • SSH plugin — You can use the SSH Plugin to run shell commands on a remote machine via ssh.
  • SeleniumRC Plugin — This plugin allows you to create Selenium server instance for each project build.
  • Vagrant Plugin — This plugin allows booting of Vagrant virtual machines, provisioning them and also executing scripts inside of them
  • Timestamper — Adds timestamps to the Console Output.
  • VirtualBox Plugin — This plugin integrates Jenkins with VirtualBox (version 3, 4.0 and 4.1) virtual machine.
  • Version Number Plugin — This plugin creates a new version number and stores it in the environment variable whose name you specify in the configuration.
  • VMware plugin — This plugin allows you to start a VMware Virtual Machine before a build and stop it again after the build completes.
  • AWS Cloudformation Plugin — A plugin that allows for the creation of cloud formation stacks before running the build and the deletion of them after the build is completed.
  • Desktop Notifier for Jenkins — This is useful for those who are looking for a Desktop Notifier for Jenkins builds to automatically notify you about failed builds directly from their desktops.
  • Email-ext plugin — This plugin allows you to configure every aspect of email notifications. You can customize when an email is sent, who should receive it, and what the email says.
  • Google Calendar Plugin — This plugin publishes build records over to Google Calendar
  • HTML5 Notifier Plugin — Provides W3C Web Notifications support for builds.
  • Jabber Plugin — Integrates Jenkins with the Jabber/XMPP instant messaging protocol. Note that you also need to install the instant-messaging plugin.
  • Build reports
  • Checkstyle Plugin — This plugin generates the trend report for Checkstyle, an open source static code analysis program. 
  • Clover PHP Plugin — This plugin allows you to capture code coverage reports from PHPUnit. For more information on how to set up PHP projects with Jenkins have a look at the Template for Jenkins Jobs for PHP Projects.
  • Crap4J Plugin — This plugin reads the "crappy methods" report from Crap4J. Hudson will generate the trend report of crap percentage and provide detailed information about changes.
  • Dependency Analyzer Plugin — This plugin parses dependency:analyze goal from maven build logs and generates a dependency report
  • Dependency Graph View Plugin — Shows a dependency graph of the projects using graphviz. Requires a graphviz installation on the server.
  • FindBugs Plugin — This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 
  • Grinder Plugin — This plugin reads output result files from Grinder performance tests, and will generate reports showing test results for every build and trend reports showing performance results across builds.
  • JSUnit plugin — This plugin allows you publish JSUnit test results
  • Performance Plugin — This plugin allows you to capture reports from JMeter and JUnit . Hudson will generate graphic charts with the trend report of performance and robustness.
  • PerfPublisher Plugin — This plugin generates global and trend reports for tests results analysis. Based on an open XML tests results format, the plugin parses the generated files and publish statistics, reports and analysis on the current health of the project.
  • PMD Plugin — This plugin generates the trend report for PMD, an open source static code analysis program. 
  • Sonar plugin — Quickly benefit from Sonar, an open-source dashboard based on many analysis tools like Checkstyle, PMD and Cobertura.
  • testng-plugin — This plugin allows you to publish TestNG results.
  • Violations — This plug-in generates reports static code violation detectors such as checkstyle, pmd, cpd, findbugs, codenarc, fxcop, stylecop and simian.
  • xUnit Plugin — This plugin makes it possible to publish the test results of an execution of a testing tool in Jenkins.
  • Artifact uploaders
  • ArtifactDeployer Plugin — This plugin makes it possible to copy artifacts to remote locations.
  • Artifactory Plugin — This plugin allows deploying Maven 2, Maven 3, Ivy and Gradle artifacts and build info to the Artifactory artifacts manager.
  • Confluence Publisher Plugin — This plugin allows you to publish build artifacts as attachments to an Atlassian Confluence wiki page.
  • Deploy Plugin — This plugin takes a war/ear file and deploys that to a running remote application server at the end of a build
  • FTP-Publisher Plugin — This plugin can be used to upload project artifacts and whole directories to an ftp server.
  • HTML Publisher Plugin
  • Publish Over FTP Plugin — Publish files over FTP
  • Publish Over SSH Plugin — Publish files and/or execute commands over SSH (SCP using SFTP)
  • S3 Plugin — Upload build artifacts to Amazon S3
  • SCP plugin — This plugin uploads build artifacts to repository sites using SCP (SSH) protocol.
  • Hudson Helper for Android — Monitor your CI builds right from your Android device.
  • Hudson Mobi, the iPhone, iPod and Android client for Hudson CI — The iPhone, iPod and iPad client for Hudson CI monitoring on the road.
  • Hudson Monitor for Android — Monitor and display the status of your builds on your Android™ phone.
  • External site/tool integrations
  • Jira Issue Updater Plugin — This is a Jenkins plugin which updates issues in Atlassian Jira (by changing their status and adding a comment) as part of a Jenkins job.
  • JIRA Plugin — This plugin integrates Atlassian JIRA to Jenkins.
  • ChuckNorris Plugin — Displays a picture of Chuck Norris (instead of Jenkins the butler) and a random Chuck Norris 'The Programmer' fact on each build page.
  • UI plugins
  • Active Directory plugin — With this plugin, you can configure Jenkins to authenticate the username and the password through Active Directory.
  • Audit Trail Plugin — Keep a log of who performed particular Jenkins operations, such as configuring jobs.
  • JClouds Plugin — This plugin uses JClouds to provide slave launching on most of the currently usable Cloud infrastructures.
  • Checkstyle Plugin — This plugin generates the trend report for Checkstyle, an open source static code analysis program. 
  • FindBugs Plugin — This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 
  • JIRA Plugin — This plugin integrates Atlassian JIRA to Jenkins.
  • M2 Release Plugin — This plugin allows you to perform a release build using the maven-release-plugin from within Jenkins.
  • PMD Plugin — This plugin generates the trend report for PMD, an open source static code analysis program. 
  • Meme Generator Plugin — Generate Meme images when a build fails (and returns to stable), and post them on the project page.
kuni katsuya

JBoss Web Configuration Reference - The Web subsystem - 1 views

docs.jboss.org/...subsystem.html

jbossas7 configuration MimeType Content-Type

shared by kuni katsuya on 22 Aug 12 - No Cached
  • mime-mapping That is the mapping of file extension to the Content-Type mime header. Most of the current file extensions are already hard coded in the web subsystem, you only need to add a mime-mapping is you want to overwrite the default mapping for a file extension or add a new file extension to the mapping. See below for more. There could be more than one mime-mapping per configuration.
  • mime-mapping The mime-mapping of configurationWeb SubSystem supports the following attributes: AttributeDescriptionname File extension to map. value Value to use.
kuni katsuya

Web Features | Apache Shiro - 0 views

shiro.apache.org/web-features.html

Shiro web features

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Apache Shiro Web Features
kuni katsuya

Article Series: Migrating Spring Applications to Java EE 6 - Part 1 | How to JBoss - 1 views

howtojboss.com/...plications-to-java-ee-6-part-1

spring javaee6 migration

shared by kuni katsuya on 06 Jun 12 - No Cached
  • In fact people still love those books without realizing that the world has changed dramatically ever since
  • The reality check here is to wonder whether the rhetorics set forth by Rod Johnson in his 2003/2004 books are still actual today
  • So if you still care about those books, the best way to show your appreciation is probably to use them as your monitor stand
  • ...21 more annotations...
  • The discussion whether or not to use Spring vs. Java EE for new enterprise Java applications is a no-brainer
  • Why migrate?
  • since then fallen a prey to the hungry minds of Venture Capitalists and finally into the hands of a virtualization company called VMware
  • While the different companies and individuals behind the Spring framework have been doing some work in the JCP their voting behavior on important JSRs is peculiar to say the least
  • outdated ORM solution like JDBC templates
  • some developers completely stopped looking at new developments in the Java EE space and might have lost track of the current state of technology
  • size of the deployment archive
  • fairly standard Java EE 6 application will take up about 100 kilobytes
  • comparable Spring application weighs in at a whopping 30 Megabytes!
  • Lightweight
  • Firing up the latest JBoss AS 7 Application Server from scratch and deploying a full blown Java EE 6 application into the server takes somewhere between two and five seconds on a standard machine. This is in the same league as a Tomcat / Spring combo
  • Dependency injection
  • Java EE 6, the Context and Dependency Injection (CDI) specification was introduced to the Java platform, which has a very powerful contextual DI model adding extensibility of injectable enterprise services
  • Aspect Oriented Programming
  • “AOP Light” and this is exactly what Java EE Interceptors do
  • common pitfall when taking AOP too far is that your code might end up all asymmetric and unreadable. This is due to the fact that the aspect and its implementation are not in the same place. Determining what a piece of code will do at runtime at a glance will be really hard
  • Testing
  • With Arquillian we can get rid of mocking frameworks and test Java EE components in their natural environment
  • Tooling
  • capabilities comparison matrix below to map Spring’s technology to that of Java EE
  • Capability Spring JavaEE Dependency Injection Spring Container CDI Transactions AOP / annotations EJB Web framework Spring Web MVC JSF AOP AspectJ (limited to Spring beans) Interceptors Messaging JMS JMS / CDI Data Access JDBC templates / other ORM / JPA JPA RESTful Web Services Spring Web MVC (3.0) JAX-RS Integration testing Spring Test framework Arquillian *
kuni katsuya

JBoss Web - Documentation Index - 0 views

docs.jboss.org/7.0.x

jbossweb jbossas7

shared by kuni katsuya on 22 Jun 12 - No Cached
  • top-level entry point of the documentation bundle for the JBoss Web Servlet/JSP container
  • JBoss Web implements the Servlet 3.0 and JavaServer Pages 2.2 specifications
  • JBoss Web 7.0.x is a subsystem of AS7, there isn't yet standalone version of it
kuni katsuya

Session Management | Apache Shiro - 0 views

shiro.apache.org/session-management.html

java security authentication authorization ApacheShiro SessionManagement session

shared by kuni katsuya on 04 Oct 12 - No Cached
  • available in any application,
  • regardless of container.
  • even if you deploy your application in a Servlet or EJB container, there are still compelling reasons to use Shiro's Session support instead of the container's
  • ...40 more annotations...
  • Easy Custom Session Storage
  • POJO/J2SE based (IoC friendly)
  • Container-Independent Clustering!
  • Heterogeneous Client Access
  • Event Listeners
  • listen to lifecycle events during a session's lifetime
  • Host Address Retention
  • retain the IP address or host name of the host from where the session was initiated
  • Inactivity/Expiration Support
  • can be prolonged via a touch() method to keep them 'alive' if desired
  • Transparent Web Use
  • can use Shiro sessions in existing web applications and you
  • don't need to change any of your existing web cod
  • Can be used for SSO
  • easily stored in any data source
  • can be
  • 'shared'
  • across applications if needed
  • 'poor man's SSO'
  • simple sign-on experience since the shared session can retain authentication state
  • interface-based and implemented with POJOs
  • allows you to easily configure all session components with any JavaBeans-compatible configuration format, like JSON, YAML
  • easily extend
  • customize session management functionality
  • session data can be easily stored in any number of data sources
  • easily clustered using any of the readily-available networked caching products
  • no matter what container you deploy to, your sessions will be clustered the same way
  • No need for container-specific configuration!
  • Shiro sessions can be 'shared' across various client technologies
  • listen for these events and react to them for custom application behavior
  • SecurityUtils.getSubject()
  • currentUser.getSession()
  • If the Subject already has a Session, the boolean argument is ignored and the Session is returned immediately
  • If the Subject does not yet have a Session and the create boolean argument is true,
  • a new session will be created
  • and returned.
  • If the Subject does not yet have a Session and the create boolean argument is false, a new session will not be created and null is returned.
  • Suject.getSession(boolean create)
  • method functions the same way as the
  • HttpServletRequest.getSession(boolean create) method:
    • kuni katsuya
      kuni katsuya on 04 Oct 12
kuni katsuya

MySQL & Apache Derby as jdbcRealm for Apache Shiro | Nabil Hachicha - 0 views

nhachicha.wordpress.com/...-as-jdbcrealm-for-apache-shiro

ApacheShiro JdbcRealm example MySQL

shared by kuni katsuya on 03 Sep 12 - No Cached
  • http://localhost:8080/ShiroDemo/auth/secured.jsp
  • MySQL & Apache Derby as jdbcRealm for Apache Shiro
  • Step 1 creating a simple WebApp
  • ...36 more annotations...
  • Step 2 securing some content
  • create a database that will hold the list of the authorized users along with their password
  • Create a new directory “auth” and add a new JSP under it, let’s call it “BackOffice.jsp“
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      create directory 'auth' under webapps directory
  • enable Shiro into our project by adding a ServletFilter into our Web.xml
  •  <filter-class>05            org.apache.shiro.web.servlet.IniShiroFilter06        </filter-class>
  • 10    <filter-mapping>11         <filter-name>ShiroFilter</filter-name>12         <url-pattern>/*</url-pattern>13    </filter-mapping>
  • classpath:shiro.ini
  • shiro-core
  • shiro-web
  • create shiro.ini under resource dir
  • 07ds.jdbcUrl=jdbc:derby://localhost:1527/shiro_schema08ds.username = APP09ds.password = APP
  • 15/auth/** = authcBasic16/** = anon
  • jdbcRealm.authenticationQuery
  • jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
  • setup the jdbc realm, this is where Shiro will find the authorized users
  • map the URLs to be protected, all the url under /auth should be authenticated with basic HTTP authentication
  • All the other URLs should be accessed without authentication
  • Add a new directory under src let’s call it production we will create a new shiro configuration file compatible with MySQL
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      create src/production/resources/shiro.ini with contents below
  • 06ds.serverName = localhost07ds.user = ADM08ds.password = secret12309ds.databaseName = shiro_schema
  • jdbcRealm which use a MySQL driver
  • jdbcRealm.dataSource = $ds
  • jdbcRealm.dataSource=$ds
  • added the appropriate dependency to maven pom.xml
  • mysql-connector-java
  • environment.type
  • staging
  • 13                <jdbc.user>APP</jdbc.user>14                <jdbc.passwd>APP</jdbc.passwd>15                <jdbc.url>jdbc:derby://localhost:1527/shiro_schema</jdbc.url>16                <jdbc.driver>org.apache.derby.jdbc.ClientDriver</jdbc.driver>
  • src/main/resources
  • derbyclient
  • production
  • environment.type
  • 45                <jdbc.user>ADM</jdbc.user>46                <jdbc.passwd>secret123</jdbc.passwd>47                <jdbc.ds>com.mysql.jdbc.jdbc2.optional.MysqlDataSource</jdbc.ds>48                <jdbc.serverName>localhost</jdbc.serverName>49                <jdbc.databaseName>shiro_schema</jdbc.databaseName>
  • src/production/resources
  • To build and run for staging
  • To build for production
  • -Denvironment.type=prod
kuni katsuya

JBoss Web - Apache Portable Runtime and JBoss Web - 0 views

docs.jboss.org/...apr.html

jbossweb apr native

shared by kuni katsuya on 22 Jun 12 - No Cached
  • Apache Portable Runtime and JBoss Web
kuni katsuya

Web | Apache Shiro - 0 views

shiro.apache.org/web.html

security ApacheShiro SessionManagement session

shared by kuni katsuya on 19 Sep 12 - No Cached
  • Session Management
  • Servlet Container Sessions
  • kuni katsuya on 19 Sep 12
     
    "t"
kuni katsuya

Fetching Client IP Address and Header information in JBoss AS7 access log « JBoss - 0 views

middlewaremagic.com/jboss

jbossas7 AccessLog

shared by kuni katsuya on 11 Oct 12 - No Cached
  • Fetching Client IP Address and Header information in JBoss AS7 access log
  • “org.apache.catalina.valves.AccessLogValve”
  • More informations about this Valve can be found in the following link: http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Access_Log_Valve
  • ...10 more annotations...
  • Some of the useful patterns
  • %h - Remote host name (or IP address if resolveHosts is false)
  • %a - Remote IP address
  • %u - Remote user that was authenticated (if any), else '-'
  • %r - First line of the request (method and request URI)
  • %s - HTTP status code of the response
  • %b - Bytes sent, excluding HTTP headers, or '-' if zero
  • %S - User session ID
  • %t - Date and time, in Common Log Format
  • %m - Request method (GET, POST, etc.)
  • kuni katsuya on 11 Oct 12
     
    "/subsystem=web/virtual-server=default-host/access-log=configuration:add(pattern="%h %l %u %t "%r" %s %b %{User-Agent}i %{JSESSIONID}c")"
1 - 20 of 84 Next › Last »
Showing 20 items per page