tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lacerda, Wellington (AFIS)" <Wellington.Lace...@fao.org>
Subject RE: using SSL on standalone Tomcat - Urgent !
Date Thu, 16 Nov 2000 08:24:28 GMT
High Craigh,

Didn't work. I still can do http://localhost:8080/wlss/another_page.jsp
<http://localhost:8080/wlss/another_page.jsp>  , which is not SSL, and get
answered. I was expecting a NOT FOUND error on port 8080. Is this the
expected behaviour ? 
The logs don't show anything either.

Version 3.2b7 on NT4.0sp6 JDK 1.3 JSSE1.0.2.
Do I need a test certificate from a cert auth to get this running (don't
think so)?

Thanks,

Wellington



		-----Original Message-----
		From:	Craig R. McClanahan
[mailto:Craig.McClanahan@eng.sun.com]
		Sent:	16 November 2000 04:19
		To:	tomcat-user@jakarta.apache.org
		Subject:	Re: using SSL on standalone Tomcat - Urgent
!

		"Lacerda, Wellington (AFIS)" wrote:

		> Hi All,
		>
		> I've set up SSL on a 3.2b7 instance. Also I defined a
context, say /wlss,
		> with a directory and a resource, say /wlss1/index.htm
inside that context.
		>
		> I want to configure that context in such a way that the
access to
		> /wlss1/index.htm is only allowed if the transport is
guaranteed at
		> confidential level(SSL). I read the spec and created this
web.xml to do the
		> job:
		>
		> <web-app>
		>  <security-constraint>
		>   <web-resource-collection>
		>    <web-resource-name>a</web-resource-name>
		>    <url-pattern>/wlss1/*</url-pattern>

		Change this to "/*".  The <url-pattern> setting is relative
to your context,
		not to the server root.

		>
		>    <http-method>GET</http-method>
		>    <http-method>POST</http-method>
		>    <user-data-constraint>
		>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		>    </user-data-constraint>
		>   </web-resource-collection>
		>  </security-constraint>
		> </web-app>
		>
		> By my understanding, I'm allowing access to the resource
collection "a" -
		> mapped to /wlss1/anything with GET or POST only through a
confidential
		> transport - SSL.
		>
		> It's not working at all. I can still access it through
normal http. Am I
		> missing something here ?
		>
		> Another question - how to impose confidential transport to
the entire
		> context ?
		>
		> Thanks in advance for any help,
		>
		> Wellington Silva
		> UN/FAO

		Craig McClanahan
		

Mime
View raw message