tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Toni.Ki...@ineo.fi
Subject Re: RE: Apache-Tomcat
Date Fri, 25 Oct 2002 05:12:57 GMT

On 2002-10-25 Christie I  wrote:
> Hi
>
> Thank you very much John. It worked!. I have one last problem. Iam
running Openssl. Iam having
> *.jsp files in my webapps/myproject directory that some of the files
needs to be accessed by https
> and not thru http? How to do this?
>
> for eg :https://0.0.0.0/welcome.jsp  should not be accessed thru
http://0.0.0.0 ? How to do
> restrict this?

Hi.

You can automatically redirect all access to jsp-files to https with adding
text below to the end of web.xml.
This can cause some problems though (at least i had) with jsps that use
setContentType to something else (like application/pdf).

  <security-constraint>
    <web-resource-collection>
       <web-resource-name>SecurityRestriction</web-resource-name>
       <description>Secure all jsp-pages</description>
       <url-pattern>*.jsp</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>


- Toni


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message