tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keshav Sarin" <KSa...@net-deposit.com>
Subject Re: http to https how ?
Date Wed, 14 Jan 2004 18:17:40 GMT
True. There should be <http-method> entry for each protected http
method.

>>> ahardy.struts@cyberspaceroad.com 01/14/04 06:24AM >>>
Did you know that specifying GET and POST means that the other http 
methods like DELETE and PUT will not be secure?

On 01/13/2004 04:53 PM&nbsp;Keshav Sarin wrote:
> Another way to secure resources is to define them in web.xml.
Usually
> this setting has worked for me.
> 
> <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>app or resource
> name</web-resource-name>
>             <url-pattern>/*</url-pattern> <!-- define all url
patterns
> that need to be protected-->
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>         </web-resource-collection>
> 
>         <user-data-constraint>
>             <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
>         </user-data-constraint>
> 
>     </security-constraint>
> 
> If someone tries to access the above url pattern over http, the
server
> automatically redirects to a https connection.
> 
> 
>>>>Bruno.Melloni@nokia.com 01/13/04 08:22AM >>>
> 
> There are many theories out there.  From personal experience, the
> simplest/cleanest way to do it is with Struts + the sslext plugin. 
But
> even then, don't expect it to be trivial.  Run some Google searches
to
> find components, tutorials, articles, etc.  Those things should make
> your life a little easier.
> 
> -----Original Message-----
> From: ext Mufaddal Khumri [mailto:mufaddal@wmotion.com] 
> Sent: Monday, January 12, 2004 6:12 PM
> To: Tomcat Users List
> Subject: http to https how ?
> 
> 
> Hi,
> 
> Have a page First.jsp
> 
> When a user comes to http://my.domain.com/First.jsp ... I would like
to
> 
> redirect him or her to https://my.domain.com/First.jsp.
> 
> How do I do this on my jsp ? I tried <% 
> request.redirect("https://my.domain.com/First.jsp") %> , but i get an

> exception saying
> 
> cannot resolve symbol
> symbol  : method redirect (java.lang.String)
> location: interface javax.servlet.http.HttpServletResponse
> 					response.redirect(path);
> 
> Thanks.
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org 
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

> 
> 
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org 
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

> 
> 


-- 
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org 
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message