tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lacerda, Wellington (AFIS)" <Wellington.Lace...@fao.org>
Subject using SSL on standalone Tomcat - Urgent !
Date Wed, 15 Nov 2000 10:21:44 GMT
Hi All,

I've set up SSL on a 3.2b7 instance. Also I defined a context, say /wlss,
with a directory and a resource, say /wlss1/index.htm inside that context.

I want to configure that context in such a way that the access to
/wlss1/index.htm is only allowed if the transport is guaranteed at
confidential level(SSL). I read the spec and created this web.xml to do the
job:

<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>a</web-resource-name>
   <url-pattern>/wlss1/*</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
   <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
  </web-resource-collection>
 </security-constraint>
</web-app>

By my understanding, I'm allowing access to the resource collection "a" -
mapped to /wlss1/anything with GET or POST only through a confidential
transport - SSL. 

It's not working at all. I can still access it through normal http. Am I
missing something here ?

Another question - how to impose confidential transport to the entire
context ?

Thanks in advance for any help,

Wellington Silva
UN/FAO


Mime
View raw message