tomcat-users mailing list archives

From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: using SSL on standalone Tomcat - Urgent !
Date Thu, 16 Nov 2000 03:19:00 GMT
"Lacerda, Wellington (AFIS)" wrote:

> Hi All,
>
> I've set up SSL on a 3.2b7 instance. Also I defined a context, say /wlss,
> with a directory and a resource, say /wlss1/index.htm inside that context.
>
> I want to configure that context in such a way that the access to
> /wlss1/index.htm is only allowed if the transport is guaranteed at
> confidential level (SSL). I read the spec and created this web.xml to do the
> job:
>
> <web-app>
>  <security-constraint>
>   <web-resource-collection>
>    <web-resource-name>a</web-resource-name>
>    <url-pattern>/wlss1/*</url-pattern>

Change this to "/*".  The <url-pattern> setting is relative to your context,
not to the server root.

>
>    <http-method>GET</http-method>
>    <http-method>POST</http-method>
>    <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>    </user-data-constraint>
>   </web-resource-collection>
>  </security-constraint>
> </web-app>
>
> By my understanding, I'm allowing access to the resource collection "a" -
> mapped to /wlss1/anything with GET or POST only through a confidential
> transport - SSL.
>
> It's not working at all. I can still access it through normal http. Am I
> missing something here ?
>
> Another question - how to impose confidential transport to the entire
> context ?
>
> Thanks in advance for any help,
>
> Wellington Silva
> UN/FAO

Craig McClanahan
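
Added example, not part of the original messages: a web.xml that applies the CONFIDENTIAL transport guarantee to the entire context, using the "/*" pattern from the reply. It assumes the Servlet 2.2 deployment descriptor layout, in which <user-data-constraint> is a child of <security-constraint>, placed after <web-resource-collection> rather than inside it. The resource name and the omission of <http-method> (so the constraint applies to every HTTP method, not only GET and POST) are choices made for this example.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>
  <security-constraint>

    <!-- Which resources the constraint covers. -->
    <web-resource-collection>
      <!-- Constructed name for this example. -->
      <web-resource-name>entire-context</web-resource-name>

      <!-- Relative to the context path, not the server root:
           "/*" covers everything served under the context. -->
      <url-pattern>/*</url-pattern>

      <!-- No <http-method> elements here. Listing methods limits the
           constraint to those methods and leaves the others unconstrained. -->
    </web-resource-collection>

    <!-- Sibling of <web-resource-collection>, not nested inside it. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

  </security-constraint>
</web-app>
```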


