Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org Received: (qmail 46988 invoked from network); 20 Sep 2002 09:05:37 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 20 Sep 2002 09:05:37 -0000 Received: (qmail 4499 invoked by uid 97); 20 Sep 2002 09:05:20 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org Received: (qmail 4176 invoked by uid 97); 20 Sep 2002 09:05:17 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 3915 invoked by uid 98); 20 Sep 2002 09:05:14 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) X-Envelope-To: tomcat-user@jakarta.apache.org From: "Christopher Watson" To: "Tomcat Users List" Subject: Can anyone help with an SSL problem? Date: Fri, 20 Sep 2002 10:03:27 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Dear All, Can anyone offer some advice - sorry to keep asking, but so far I've had no reply :-( I am using ISAPI redirector to serve JSP/servlet resources through IIS I would like some contexts to _require_ SSL (https) to be used, and leave others free to use http. I am able require _all_ contexts to use SSL by setting 'require secure channel' for the jakarta virtual directory under IIS. BUT What I want to do is require SSL at a _context_ level Can someone show me how to do this, perhaps using workers.properties or uriworkermap.properties or the like? I did think of setting secure="true" on the ajp13 connnector, but that just tells effectively tells me that that connector has been used, not whether the original request used SSL - in other words I ALWAYS get isSecure() = whatever was set for the connector in server.xml An idea I had was to have more than one 'jakarta' virtual directory, one requiring SSL, the other not, but then I'm guessing the ISAPI filter uses the same Registry entry, so I couldn't specify a different extension_uri to get to it ?? Is this the right thinking?? Is there a way round this? Any other general advice - except "don't use IIS" (I have no choice for this project!) - would be welcome. Christopher -- To unsubscribe, e-mail: For additional commands, e-mail: