tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: using SSL on standalone Tomcat - Urgent !
Date Thu, 16 Nov 2000 18:05:45 GMT
Kurt Bernhard Pruenner wrote:

> "Lacerda, Wellington (AFIS)" wrote:
> > > <web-app>
> > >  <security-constraint>
> > >   <web-resource-collection>
> > >    <web-resource-name>a</web-resource-name>
> > >    <url-pattern>/wlss1/*</url-pattern>
> >
> > Change this to "/*".  The <url-pattern> setting is relative
> > to your context, not to the server root.
>
> AFAIK, the spec says to use "/" instead of "/*" - give that a try, I'd say.
>

In a security constraint, a "/" pattern would only match the "welcome" page for an
application, not any of its contents.  If you want to protect the entire
application, you need to use "/*".

If configured properly, I know this works because I've tested it (3.2b7) -- you
get an error message back that says "SSL is required for this context".

>
> --
> Kurt Pruenner - Haendelstrasse 17, 4020 Linz, Austria | Briareos at Olymp BBS:
> http://www.mp3.com/Leak http://www.ssw.uni-linz.ac.at | ssh bbs@138.232.112.32
> ...........It might be written "Mindfuck", but it's spelt "L-A-I-N"...........
> np: Kendall Jackman - Weightless (ambient.01@hyperreal comp.)

Craig McClanahan



Mime
View raw message