tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve D George" <steve_geo...@uk.ibm.com>
Subject Re: How to enforce SSL???
Date Mon, 29 Apr 2002 11:24:30 GMT

Johnathan, thanks a lot for that. It works fine with the
transport-guarantee element set to CONFIDENTIAL. If I try to hit any of the
pages in the defined directory, tomcat redirects the request to the port
defined as the 'redirectPort' of the connector and switches to https
without me having to code a thing.

Cheers,

Steve.



                                                                                         
                             
                      "Jonathan Eric                                                     
                             
                      Miller"                  To:       "Tomcat Users List" <tomcat-user@jakarta.apache.org>
         
                      <jemiller@uchicag        cc:                                    
                                
                      o.edu>                   Subject:  Re: How to enforce SSL???    
                                
                                                                                         
                             
                      26/04/2002 18:52                                                   
                             
                      Please respond to                                                  
                             
                      "Tomcat Users                                                      
                             
                      List"                                                              
                             
                                                                                         
                             
                                                                                         
                             




I think if you add something similar to the following to the web.xml file
for your application, it will make it automatically redirect from HTTP to
HTTPS.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Tomcat</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

As far as requiring a particular encryption strength, the only way I know
how to do it is to check the following attributes. i.e. as far as I know
there isn't a flag in the web.xml file that you can use in order to require
128 bit encryption.
req.getAttribute("javax.servlet.request.cipher_suite")

req.getAttribute("javax.servlet.request.key_size")

javax.servlet.request.cipher_suite: SSL_RSA_WITH_RC4_128_MD5

javax.servlet.request.key_size: 128

Jon

----- Original Message -----
From: "Steve D George" <steve_george@uk.ibm.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Friday, April 26, 2002 11:04 AM
Subject: How to enforce SSL???


> Hi, I'm working with a standalone Tomcat 4.0.2 on W2K. I've just gone
> through the SSL How To and created myself a little certificate and got
> everything working over SSL. I can access all my pages over HTTP or
HTTPS.
>
> My question now is how to enforce the use of HTTPS for a given page. The
> SSL How To says that any page that absolutely requires SSL should check
the
> protocol of the request and take the appropriate action, by which I
presume
> it means that you code a redirect to the same page but over https.
>
> Is this the standard way to enforce it though. I sort of imagined that
you
> would be able to say that any page in a certain directory should be
served
> over HTTPS and just let tomcat handle it for you?
>
> Thanks for any  help,
>
> Have a great weekend everyone!
>
> Cheers,
>
> Steve.
>
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>





--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message