tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: Forwarding with Tomcat Standalone
Date Tue, 23 Sep 2003 08:24:38 GMT
Have you set up the security-constraint in your web.xml for those pages?

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Login 4 Everything</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
       <url-pattern>/private/*</url-pattern>
     </web-resource-collection>
     <auth-constraint>
       <!-- Anyone with one of the listed roles may access this area -->
       <role-name>user</role-name>
       <role-name>admin</role-name>
     </auth-constraint>
     <user-data-constraint>
       <description>SSL not required</description>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
   </security-constraint>

You will also probably need to set up a filter to redirect non-secure 
pages out of HTTPS. This is not automatic.


Adam

On 09/23/2003 03:28 AM Michael Futeran wrote:
> I am trying to replace an Apache/Tomcat combination with Tomcat standalone.
> I have everything else working, but I can not figure out how to get requests
> for secure pages to be auto forwarded to https the way they are with Apache.
> 

-- 
struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9


Mime
View raw message