Sorry if this comes through twice. I think it got eaten by my email
software the first time.
I have tried putting the following in
$CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config
is ignored:
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL 4 Login</web-resource-name>
<url-pattern>/ssllogin.html</url-pattern>
<url-pattern>/sslerror.html</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>SSL required</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>BlackSailRealm</realm-name>
<form-login-config>
<form-login-page>/ssllogin.html</form-login-page>
<form-error-page>/sslerror.html</form-error-page>
</form-login-config>
</login-config>
I have the login & error pages in $CATALINA_HOME/server/webapps/manager/
Basically it always stays in non-SSL protocol.
I posted this in bugzilla, being confident that tomcat was not doing
what it was supposed to, but apparently it is. I got the following
solution via bugzilla, but I don't understand it! How is this telling me
I should configure SSL for the manager login?
Thanks
On 10/13/2003 02:19 PM bugzilla@apache.org wrote:
[...]
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
>
> cannot configure SSL for form-based authentication >
[...]
>
>
> ------- Additional Comments From remm@apache.org 2003-10-13 12:19
-------
> FORM can be implemented as an internal redirection, like welcome
files. As a
> result, it is not subject to constraints. Please do not reopen the
report.
>
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
|