tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: SSL
Date Tue, 13 Feb 2001 19:53:14 GMT
Julie Ruiz wrote:

> I have installed Tomcat+SSL.  I need that my aplications be acceded only through a secure
> How can I configure the context where are going to be the aplications that accede through
a secure URL, but canĀ“t be accede by a non secure URL??

For Tomcat+SSL stand-alone, you have a couple of choices:

* If you do not need the non-SSL port for anything else, you
  can disable it by removing the <Connector> element for port 8080
  from your "conf/server.xml" file.

* If you need non-SSL for other webapps and simply want to protect
  this one, you can add a security constraint to your web.xml file:


In this constraint, the URL pattern of "/*" protects your entire webapp (you could also require
SSL on only part of it, if you wished), while the
CONFIDENTIAL requirement means that SSL is required.

> Julie.

Craig McClanahan

View raw message