Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Message-ID: <20020630010036.28038.qmail@web20710.mail.yahoo.com>
Date: Sat, 29 Jun 2002 18:00:36 -0700 (PDT)
From: "Dmitry ..." <dimchikny@yahoo.com>
Subject: Re: SSL and Authentication
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
In-Reply-To: <20020629155530.2262.qmail@web20702.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-870858234-1025398836=:28012"

--0-870858234-1025398836=:28012
Content-Type: text/plain; charset=us-ascii


I figured out that I'll need to refactor my directory structure and use seperate <security-constraint>s. I'm curious, is there a standard or preferred way to do this? 
My next step is to integrate Tomcat with Apache, and then an EJB server (perhaps JBoss?)... 
--Dmitry

  "Dmitry ..." <dimchikny@yahoo.com> wrote: 
Hello everyone.

I have a security-contstraint set up with /* and JDBCRealm, and I have SSL configured in server.xml. Both the JDBCRealm and SSL are working, just not quite as I'd like.

Currently, when the user first enters my site (/mysite/index.html), he is asked to authenticate himself. When the user requests a page through SSL (.../location=https:8443/mysite/../Registration.jsp), he is again asked to authenticate himself.

What I want is:

1) The user to be able to access index.html (and a few other pages) withought authentication. I'd rather not have to enter every page individually under .

*2) The user to not have to re-authenticate himself when he selects to go to Registration.jsp via SSL. 

Thank you in advance,

Dmitry


---------------------------------
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup


---------------------------------
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup
--0-870858234-1025398836=:28012--