Return-Path: <Wellington.Lacerda@fao.org>
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 66919 invoked from network); 15 Nov 2000 13:57:46 -0000
Received: from pmdfext.fao.org (168.202.2.15)
  by locus.apache.org with SMTP; 15 Nov 2000 13:57:46 -0000
Received: from PMDFINT ([168.202.2.12])
 by PMDFEXT.fao.org (PMDF V5.2-32 #41665) with ESMTP id
 <0G4200BH4K5B3N@PMDFEXT.fao.org> for tomcat-user@jakarta.apache.org; Wed,
 15 Nov 2000 14:58:23 +0100 (MET)
Received: from CONVERSION-DAEMON by PMDFINT.fao.org (PMDF V5.2-32 #41664)
 id <0G4200901K5052@PMDFINT.fao.org> for tomcat-user@jakarta.apache.org; Wed,
 15 Nov 2000 14:58:23 +0100 (MET)
Received: from faoexch2.fao.org (faoexch2.fao.org [168.202.2.195])
 by PMDFINT.fao.org (PMDF V5.2-32 #41664)
 with ESMTP id <0G420090HK4X1W@PMDFINT.fao.org> for
 tomcat-user@jakarta.apache.org; Wed, 15 Nov 2000 14:58:10 +0100 (MET)
Received: by faoexch2.fao.org with Internet Mail Service (5.5.2650.21)
 id <W9QSXJGQ>; Wed, 15 Nov 2000 14:55:41 +0100
Content-return: allowed
Date: Wed, 15 Nov 2000 11:21:44 +0100
From: "Lacerda, Wellington (AFIS)" <Wellington.Lacerda@fao.org>
Subject: using SSL on standalone Tomcat - Urgent !
To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
Message-id: <11898960E237D411B53B0060B06BB4454248F5@afexch1.fao.org>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset=iso-8859-1
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

Hi All,

I've set up SSL on a 3.2b7 instance. Also I defined a context, say /wlss,
with a directory and a resource, say /wlss1/index.htm inside that context.

I want to configure that context in such a way that the access to
/wlss1/index.htm is only allowed if the transport is guaranteed at
confidential level(SSL). I read the spec and created this web.xml to do the
job:

<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>a</web-resource-name>
   <url-pattern>/wlss1/*</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
   <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
  </web-resource-collection>
 </security-constraint>
</web-app>

By my understanding, I'm allowing access to the resource collection "a" -
mapped to /wlss1/anything with GET or POST only through a confidential
transport - SSL. 

It's not working at all. I can still access it through normal http. Am I
missing something here ?

Another question - how to impose confidential transport to the entire
context ?

Thanks in advance for any help,

Wellington Silva
UN/FAO