tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Danny Morgan) dmor...@corpmedia.com
Subject SSL Configuration for Form-Based Auth.
Date Mon, 30 Sep 2002 18:58:20 GMT
First this is what I have installed:

Redhat Linux v7.3
w/
apache-1.3.23-14
mod_ssl-2.8.7-6
Sun's Java jdk-1.4.1
Jakarta tomcat-4.1.12
mod_jk2

I currently have the web-app up and running just fine, however I'm 
running into a few problems with form-based auth using SSL.  Apache is 
configured to handle the SSL connections from users, it works fine under 
with "NONE" in <transport-guarantee> (http) but errors out with 
"CONFIDENTIAL" in <transport-guarantee> (https) with "Redirection limit 
for this URL exceeded. Unable to load the requested page".

Let me know if you need any more info.

Thanks,
Danny

Here is part of my web.xml

<security-constraint>
  <display-name>Server Configuration Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Server Configuration Form-Based Authentication 
Area</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message