tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "cprs-develop" <>
Subject RE: Enabling SSL on specific URLs using IIS and Tomcat
Date Thu, 08 Jan 2004 21:00:40 GMT

That's what I have been trying to do. If you can recommend any alternate
method to allow only https access to secure URLs, I would greatly
appreciate it.


-----Original Message-----
From: Shapira, Yoav [] 
Sent: Thursday, January 08, 2004 2:38 PM
To: Tomcat Users List
Subject: RE: Enabling SSL on specific URLs using IIS and Tomcat

Almost certainly the ISAPI Redirector's fault, since as you mention
Tomcat works fine by itself.  What if you only allow https access to
secure URLs?

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: cprs-develop []
>Sent: Thursday, January 08, 2004 2:33 PM
>Subject: Enabling SSL on specific URLs using IIS and Tomcat
>Importance: High
>Hello All:
>I am running Apache Tomcat 4.1.27, with IIS 5.0 on Windows 2000 
>Professional configured to serve the JSP pages using the ISAPI 
>I have also configured SSL support using the Windows IIS management 
>Currently JSP pages can be accessed using the 
>http://SomeHost/SomeDirectory or https://SomeHost/SomeDirectory URL.
>I am trying to specify URLs that should be available only through SSL. 
>For this, I have added the <security-constraint> section in web.xml for

>the relevant webapp directory.
>. . . . .
><!-- All resources under the /SSL directory should only be available
>SSL -->
>    <web-resource-collection>
>	<web-resource-name>SSL</web-resource-name>
>	<url-pattern>/SSL/*</url-pattern>
>    </web-resource-collection>
>    <user-data-constraint>
>	<transport-guarantee>CONFIDENTIAL</transport-guarantee>
>    </user-data-constraint>
>  </security-constraint>
>Now, when I try to access the resources under the /SSL directory,
>http or https) IIS gives me a "Page not found" error message.
>However, if I disable IIS and run Tomcat independently, directory 
>security is enabled, and everything works fine, i.e., if I use 
>http://SomeHost/webapp/SSL, it automatically redirects to 
>I found an earlier thread
>( which 
>mentions that the ISAPI redirector may be to blame, but I am not sure
>it applies in this scenario.
>Any help would be greatly appreciated.
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential,
proprietary and/or privileged.  This e-mail is intended only for the
individual(s) to whom it is addressed, and may not be saved, copied,
printed, disclosed or used by anyone else.  If you are not the(an)
intended recipient, please immediately delete this e-mail from your
computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message