Return-Path: <Wellington.Lacerda@fao.org>
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 32320 invoked from network); 16 Nov 2000 08:26:11 -0000
Received: from pmdfext.fao.org (168.202.2.15)
  by locus.apache.org with SMTP; 16 Nov 2000 08:26:11 -0000
Received: from PMDFINT ([168.202.2.12])
 by PMDFEXT.fao.org (PMDF V5.2-32 #41665) with ESMTP id
 <0G43006FBZGTRL@PMDFEXT.fao.org> for tomcat-user@jakarta.apache.org; Thu,
 16 Nov 2000 09:26:53 +0100 (MET)
Received: from CONVERSION-DAEMON by PMDFINT.fao.org (PMDF V5.2-32 #41664)
 id <0G4300801ZGSX1@PMDFINT.fao.org> for tomcat-user@jakarta.apache.org; Thu,
 16 Nov 2000 09:26:53 +0100 (MET)
Received: from faoexch2.fao.org (faoexch2.fao.org [168.202.2.195])
 by PMDFINT.fao.org (PMDF V5.2-32 #41664)
 with ESMTP id <0G4300793ZGRB7@PMDFINT.fao.org> for
 tomcat-user@jakarta.apache.org; Thu, 16 Nov 2000 09:26:52 +0100 (MET)
Received: by faoexch2.fao.org with Internet Mail Service (5.5.2650.21)
 id <W9QSX5K0>; Thu, 16 Nov 2000 09:24:29 +0100
Content-return: allowed
Date: Thu, 16 Nov 2000 09:24:28 +0100
From: "Lacerda, Wellington (AFIS)" <Wellington.Lacerda@fao.org>
Subject: RE: using SSL on standalone Tomcat - Urgent !
To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
Message-id: <11898960E237D411B53B0060B06BB4454248FD@afexch1.fao.org>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset=iso-8859-1
Importance: high
X-Priority: 1
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

High Craigh,

Didn't work. I still can do http://localhost:8080/wlss/another_page.jsp
<http://localhost:8080/wlss/another_page.jsp>  , which is not SSL, and get
answered. I was expecting a NOT FOUND error on port 8080. Is this the
expected behaviour ? 
The logs don't show anything either.

Version 3.2b7 on NT4.0sp6 JDK 1.3 JSSE1.0.2.
Do I need a test certificate from a cert auth to get this running (don't
think so)?

Thanks,

Wellington



		-----Original Message-----
		From:	Craig R. McClanahan
[mailto:Craig.McClanahan@eng.sun.com]
		Sent:	16 November 2000 04:19
		To:	tomcat-user@jakarta.apache.org
		Subject:	Re: using SSL on standalone Tomcat - Urgent
!

		"Lacerda, Wellington (AFIS)" wrote:

		> Hi All,
		>
		> I've set up SSL on a 3.2b7 instance. Also I defined a
context, say /wlss,
		> with a directory and a resource, say /wlss1/index.htm
inside that context.
		>
		> I want to configure that context in such a way that the
access to
		> /wlss1/index.htm is only allowed if the transport is
guaranteed at
		> confidential level(SSL). I read the spec and created this
web.xml to do the
		> job:
		>
		> <web-app>
		>  <security-constraint>
		>   <web-resource-collection>
		>    <web-resource-name>a</web-resource-name>
		>    <url-pattern>/wlss1/*</url-pattern>

		Change this to "/*".  The <url-pattern> setting is relative
to your context,
		not to the server root.

		>
		>    <http-method>GET</http-method>
		>    <http-method>POST</http-method>
		>    <user-data-constraint>
		>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		>    </user-data-constraint>
		>   </web-resource-collection>
		>  </security-constraint>
		> </web-app>
		>
		> By my understanding, I'm allowing access to the resource
collection "a" -
		> mapped to /wlss1/anything with GET or POST only through a
confidential
		> transport - SSL.
		>
		> It's not working at all. I can still access it through
normal http. Am I
		> missing something here ?
		>
		> Another question - how to impose confidential transport to
the entire
		> context ?
		>
		> Thanks in advance for any help,
		>
		> Wellington Silva
		> UN/FAO

		Craig McClanahan