tomcat-users mailing list archives

From Norbert Kuhnert <n...@cafesoft.com>
Subject Re: SSL FAQ and question
Date Thu, 21 Nov 2002 21:23:25 GMT

Jay,

I did not create a new <Host>, just 2 Connectors supplying
requests to the same <Engine>. I'm not sure that this
automatic redirection from "http" to "https" would work
if it needed to redirect to a different host, but I could
be wrong.

Norb


Jay Wright wrote:
> Great, we will have to try that out.  Did you need to configure a second
> <Host> for the secure site?
> 
> Or is that only necessary if you want a separate domain secure.site.com
> instead of regular.site.com.
> 
> 
>>-----Original Message-----
>>From: Norbert Kuhnert [mailto:norb@cafesoft.com]
>>Sent: Thursday, November 21, 2002 11:49 AM
>>To: Tomcat Users List
>>Subject: Re: SSL FAQ and question
>>
>>
>>
>>Jay,
>>
>>I've had success with using the webapp deployment descriptor
>>"transport-guarantee" user-data-constraint as follows:
>>
>><security-constraint>
>>    <web-resource-collection>
>>       <web-resource-name>myPayroll</web-resource-name>
>>       <url-pattern>/payrollServlet</url-pattern>
>>       <http-method>GET</http-method>
>>    </web-resource-collection>
>>    <user-data-constraint>
>>       <transport-guarantee>
>>       CONFIDENTIAL
>>       </transport-guarantee>
>>    </user-data-constraint>
>></security-constraint>
>>
>>If your Tomcat server's connector is properly set up to specify
>>the "redirectPort" as shown below in your non-secure Connector
>>(your connector class may be different):
>>
>><Connector className="org.apache.catalina.connector.http.HttpConnector"
>>                port="8080" minProcessors="5" maxProcessors="75"
>>                enableLookups="true" redirectPort="8443"
>>                acceptCount="10" debug="10" connectionTimeout="60000"/>
>>
>>AND you have a Connector listening on that port, for example:
>>
>><Connector className="org.apache.catalina.connector.http.HttpConnector"
>>                port="8443" minProcessors="5" maxProcessors="75"
>>                enableLookups="true"
>>                acceptCount="10" debug="0" scheme="https" secure="true">
>>   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>>                clientAuth="false" protocol="TLS"/>
>></Connector>
>>
>>
>>then Tomcat should do the redirection for you. Here's the documentation
>>link for setting up SSL under Tomcat, if that's useful to you:
>>
>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>>
>>Good luck,
>>
>>Norb
>>
>>
>>
>>
>>
>>Jay Wright wrote:
>>
>>>I am trying to do some initial research on SSL and tomcat.  Perhaps there is
>>>a faq out there that can help me, but the ones I've found on the tomcat site
>>>haven't, so I turn to the newsgroup.
>>>
>>>I'm looking for some tried and true knowledge on implementing one tomcat
>>>instance with both secure and non-secure webapps.  If a request comes into a
>>>webapp that needs to be secure, I would like to redirect that request to the
>>>secure site.
>>>
>>>Is it best to do this in code (by checking the request.isSecure()) and then
>>>issuing response.sendRedirect() or can it be done through server.xml in
>>>tomcat or web.xml in the webapp?
>>>
>>>I assume you'd set up a second <Host> in server.xml and include the webapp
>>><Context> in there.  The non-secure <Host> has a redirectPort configured
>>>which is supposed to then redirect to the secure site.
>>>
>>>Or would you set up the <security-constraint> in web.xml?
>>>
>>>Or am I way off?
>>>
>>>Jay
>>>
>>>
>>>--
>>>To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>>For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
>
> --
> ----------------------------------------------------------
>   Norbert K. Kuhnert              Phone: 858-455-1800 x204
>                                     Fax: 858-455-1801
>   CTO, Founder                    Email: norb@cafesoft.com
>   Cafesoft LLC                      WWW: www.cafesoft.com
> ----------------------------------------------------------

-- 
----------------------------------------------------------
  Norbert K. Kuhnert              Phone: 858-455-1800 x204
                                    Fax: 858-455-1801
  CTO, Founder                    Email: norb@cafesoft.com
  Cafesoft LLC                      WWW: www.cafesoft.com
----------------------------------------------------------


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
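
Added example, not part of the original message or of Tomcat: a Python check for the two conditions the setup above depends on, namely that every redirectPort points at a Connector marked secure="true", and which HTTP methods a CONFIDENTIAL constraint actually names (a constraint that lists <http-method> applies only to the listed methods). The sample XML is constructed from the quoted fragments, the function names are hypothetical, and the descriptor is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments quoted in the message above.
# Function names are hypothetical; web.xml is assumed to have no XML namespace.
SERVER_XML = """<Service>
  <Connector port="8080" redirectPort="8443"/>
  <Connector port="8443" scheme="https" secure="true"/>
  <Connector port="8081" redirectPort="9443"/>
</Service>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>myPayroll</web-resource-name>
      <url-pattern>/payrollServlet</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>
      CONFIDENTIAL
      </transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def dangling_redirects(server_xml):
    """Return (port, redirectPort) pairs whose redirectPort has no secure Connector."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    secure_ports = {c.get("port") for c in connectors if c.get("secure") == "true"}
    return [(c.get("port"), c.get("redirectPort")) for c in connectors
            if c.get("secure") != "true" and c.get("redirectPort")
            and c.get("redirectPort") not in secure_ports]


def confidential_coverage(web_xml):
    """Map each CONFIDENTIAL url-pattern to the HTTP methods it names ([] = all methods)."""
    coverage = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if guarantee != "CONFIDENTIAL":
            continue
        for wrc in sc.iter("web-resource-collection"):
            methods = [m.text.strip() for m in wrc.findall("http-method")]
            for pattern in wrc.findall("url-pattern"):
                coverage[pattern.text.strip()] = methods
    return coverage
```

On the constructed input, the 8081 connector is reported because nothing secure listens on 9443, and /payrollServlet shows only GET under the transport guarantee, so a POST to the same URL is not covered by this constraint.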

