tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rom Construct" <rom_constr...@hotmail.com>
Subject Using SSL and Tomcat 4.1.27, IE6 reports servlet outputstream is not encrypted
Date Thu, 30 Oct 2003 22:25:01 GMT
Hello,
    I have enabled SSL in Tomcat 4.1.27 and all of my static pages: html,
xsd, etc. are encrypted fine. However, when I access an html page that was
written directly to the servlet outputstream (rather than a redirect to a
jsp or a static page), IE6 reports that the connection is not encrypted
although I the protocol is still https. A section of my web.xml appears
below:

<servlet-mapping>
        <servlet-name>MainServlet</servlet-name>
        <url-pattern>/servlet</url-pattern>
<servlet-mapping>

<security-constraint>
        <web-resource-collection>
            <web-resource-name>Application</web-resource-name>
            <url-pattern>/static-pages/*</url-pattern>
            <url-pattern>/servlet</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>default_role</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>

To summarize: Using the https protocol, the login page and all pages under
https://xxx:443/context/static-pages/* are reported as encrypted but the
outputstream from the servlet under
https://xxx:443/context/servlet?param=value is reported as unencrypted. In
fact, each time I access a dynamic page, the encryption icon in IE6 flashes
on, then off. I am starting to think that IE6 may be mis-reporting the
encryption state of the dynamically generated pages.

thank you,
Nathan Freeling

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message