tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Lee <tomcatu...@shaw.ca>
Subject A <transport-guarantee> problem with 4.1.18
Date Sat, 11 Jan 2003 20:40:18 GMT
I asked this earlier, but I still got problems with it. I upgraded to
4.1.18, but I got some problems with security constraints.

I have applied a security constraint on a particular url pattern. Only
certain users with a special rolename can access that link.   The data
transportation is also secure, therefore I put in a  <transport-guarantee>
in web.xml

<user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

It used to work but now the page does not load with v4.1.18. 
I got a blank page instead of a login page.
Is SSL implemented differently v4.1.18 that prevents my application
from working like before?
I think it has to do with rolenames. I put in the needed role in
tomcat-user.xml 
already. Did I miss something?

Is there any documentation on tomcat v4.1.18 SSL security stuff?


Here is my security constraint in web.xml:

  <!-- Secure form 
        URLs of the form 
        http://localhost/Prefix/mypage
           require SSL and are redirected to
        https://localhost/Prefix/mypage -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSLspecial</web-resource-name>
      <url-pattern>/protectedpage/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>specialrole</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message