Adjusting security-constraints without disturbing active users


Aaron Spike
We have a number of forms for which we allow public access to the form new page to create a submission without logging in. Currently we do this by adding the form new url for appropriate forms to a security-constraint in the web.xml file as follows:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Form Runner services and public pages and resources</web-resource-name>
            <url-pattern>/fr/service/*</url-pattern>
            <url-pattern>/fr/style/*</url-pattern>
            <url-pattern>/fr/not-found</url-pattern>
            <url-pattern>/fr/unauthorized</url-pattern>
            <url-pattern>/fr/error</url-pattern>
            <url-pattern>/fr/login</url-pattern>
            <url-pattern>/fr/login-error</url-pattern>
            <!-- Place url-patterns matching public form new pages here -->
            <url-pattern>/fr/AppName/FormName1/new</url-pattern>
...
            <url-pattern>/fr/AppName/FormNameN/new</url-pattern>
        </web-resource-collection>
    </security-constraint>

As far as I know these changes don't take effect until tomcat is restarted. If a person is currently filling out a form when tomcat restarts, I'm afraid that they will lose the data they have entered. As we add more forms and forms are submitted more often, it gets more difficult to find a good time to restart tomcat.

Is there any way that I can cause tomcat to acknowledge the changes to web.xml without causing trouble for those people currently using the application? Perhaps there is a better way for me to set up tomcat.

Aaron Spike

This electronic communication, including any attached documents, may contain confidential and/or legally privileged information that is intended only for use by the recipient(s) named above. If you have received this communication in error, please notify the sender immediately and delete the communication and any attachments. Views expressed by the author do not necessarily represent those of Martin Luther College.

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Re: Adjusting security-constraints without disturbing active users

Alessandro Vernet
Administrator
Hi Aaron,

From what I read, it doesn't seem to be possible with Tomcat. E.g. see:

http://stackoverflow.com/questions/5401791/want-to-reload-the-web-xml-without-restarting-the-server

But an alternative might be to apply the security constraints in a filter instead of relying on what is provided by the web.xml. I am not sure if UrlRewriteFilter can do this (http://tuckey.org/urlrewrite/), and a better option might be to use Spring Security (http://projects.spring.io/spring-security/).

If you get to try one of those options, you'll let us know how it works.

Alex

--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
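
A sketch of the filter-based approach suggested in the reply above, as an added example that is not code from the thread or from Orbeon. It assumes Servlet 3.0 (Tomcat 7), a filter mapped to `/fr/*` that replaces the web.xml auth-constraint for those URLs while `login-config` stays in place, and a hypothetical class name, init-param (`publicPathsFile`) and rules file holding one url-pattern per line such as `/fr/AppName/FormName1/new`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter (not Orbeon code): public URL rules live in a text file
// that is re-read whenever its modification time changes, so no restart is needed.
public class PublicPathFilter implements Filter {
    private Path rulesFile;   // assumed init-param "publicPathsFile"
    private volatile Set<String> rules = Collections.emptySet();
    private volatile long loadedMtime = -1;

    @Override public void init(FilterConfig cfg) {
        rulesFile = Paths.get(cfg.getInitParameter("publicPathsFile"));
    }

    // A read error keeps the last good set (empty at first load), so an
    // unreadable file falls back to requiring login rather than opening URLs.
    private Set<String> currentRules() {
        try {
            long mtime = Files.getLastModifiedTime(rulesFile).toMillis();
            if (mtime != loadedMtime) {
                Set<String> fresh = new HashSet<>();
                for (String line : Files.readAllLines(rulesFile, StandardCharsets.UTF_8))
                    if (line.trim().startsWith("/")) fresh.add(line.trim());
                rules = fresh;
                loadedMtime = mtime;
            }
        } catch (IOException e) { /* keep previous rules */ }
        return rules;
    }

    // Exact match, or prefix match for rules ending in "/*" as in web.xml.
    private static boolean isPublic(Set<String> rules, String path) {
        if (rules.contains(path)) return true;
        for (String r : rules)
            if (r.endsWith("/*") && path.startsWith(r.substring(0, r.length() - 1))) return true;
        return false;
    }

    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // Container-decoded path, not the raw request URI.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        if (isPublic(currentRules(), path) || req.getUserPrincipal() != null
                || req.authenticate((HttpServletResponse) rs))   // Servlet 3.0 login trigger
            chain.doFilter(rq, rs);
    }

    @Override public void destroy() { }
}
```

Because the rules file now decides which pages skip authentication, it needs the same write protection and change review as web.xml itself.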
Re: Adjusting security-constraints without disturbing active users

Aaron Spike
Let's try a different question. Does anyone know a way to retain active sessions through a server restart?

Aaron Spike

Re: Adjusting security-constraints without disturbing active users

Alessandro Vernet
Administrator
Hi Aaron, yes, but it isn't completely trivial to do. For more on this, see:

https://github.com/orbeon/orbeon-forms/issues/2308

Alex
Re: Adjusting security-constraints without disturbing active users

Alessandro Vernet
Administrator
Hi Aaron,

Reading Tomcat's documentation made me think of this post of yours from last month. I've never used this feature myself, but Tomcat supports having multiple versions of the same app deployed, and "routing" new users to the latest version, while keeping existing users with the version they started with.

The way I understand it, this should allow you to do what you were looking for, by deploying a new version of Orbeon Forms with your updated web.xml, which will impact new users and not touch existing users.

https://tomcat.apache.org/tomcat-7.0-doc/config/context.html

You'll let us know how it works out if you get to play with this.

Alex
Re: Adjusting security-constraints without disturbing active users

Aaron Spike
Thanks, I'll investigate this!