tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve D George" <>
Subject Re: TOMCAT & SSL !!!
Date Tue, 30 Apr 2002 10:18:11 GMT

Hi, have a look for postings titled 'How to enforce SSL' that were posted
over the last few days. Assuming you have gone through the How-to-SSL
document in the tomcat docs and set up a certificate, to enforce SSL for a
certain directory in your context, you need something like this in your

<!-- Define a Security Constraint on this Application -->
      <web-resource-name>Entire Application</web-resource-name>

  <!-- Define the Login Configuration for this Application -->
    <realm-name>Location Tracker Application</realm-name>

The important piece is the user-data-constraint and the
transport-guarantee. This tells tomcat that all requests to the url pattern
(in my case it is the whole of my context) should be sent over HTTPS. If a
request is received over HTTP, tomcat will redirect the request at whatever
port is defined in server.xml as the 'redirectPort' for the HTTP connector.
This is probably 8443. You then need to make sure that you have an SSL only
connector on that port but I guess you should already have that if you've
got the SSL working already.



                      30/04/2002 11:10             Subject:  TOMCAT & SSL !!!        
                      Please respond to                                                  
                      "Tomcat Users List"                                                

Hi All,

My application requires that certain pages on the site are accessed via
there a way in tomcat to reject the connection of http to a specific page
(ie securePage.jsp) but still allow http access to other pages (ie.

Also i'm using cookies - so i wanted to know whether these cookies will
be visible in both the http & https contexts.

Thanks in advance,


This message contains privileged and confidential information and is
intended only for the individual named.If you are not the intended
you should not disseminate,distribute,store,print, copy or deliver this
message.Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.E-mail
transmission cannot be guaranteed to be secure or error-free as information
could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or
contain viruses.The sender therefore does not accept liability for any
errors or omissions in the contents of this message which arise as a result
of e-mail transmission. If verification is required please request a
hard-copy version.

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message