tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Juan de Bravo" <juan.debr...@mad.tecsidel.es>
Subject RE: <security-constraint> not work in Tomcat 5.0.18 ?
Date Thu, 19 Feb 2004 09:41:01 GMT

Try this in your WEB-INF\web.xml application file

<security-constraint>
   	<web-resource-collection>
      	<web-resource-name>HTMLManger and Manager command</web-resource-name>
      	<url-pattern>/*.jsp</url-pattern>
      	<http-method>GET</http-method>
      	<http-method>POST</http-method>
    	</web-resource-collection>
    <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

You must not fill in <auth-constraint> and use CONFIDENTIAL in
<transport-guarantee>, so it should be used HTTPS
to cipher data communications.

Hope it works!!!

-----Mensaje original-----
De: Mariano [mailto:mlopez@sescam.org]
Enviado el: jueves, 19 de febrero de 2004 10:23
Para: 'Tomcat Users List'
Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ?


ok, then, How can i force tomcat using hppts with some jsp pages?

Thanks

Mariano López

-----Mensaje original-----
De: Juan de Bravo [mailto:juan.debravo@mad.tecsidel.es]
Enviado el: jueves, 19 de febrero de 2004 10:17
Para: 'Tomcat Users List'
Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ?


The tag <security-constraint> is related with Realm authenticator, not
with SSL security.

Juan.

-----Mensaje original-----
De: Mariano [mailto:mlopez@sescam.org]
Enviado el: jueves, 19 de febrero de 2004 10:11
Para: tomcat-user@jakarta.apache.org
Asunto: <security-constraint> not work in Tomcat 5.0.18 ?


Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000
Professional.

I like to force tomcat work with some pages with htpps, for those tomcat
is
configurated conf/web.xml with:

<Connector port="8443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="------------------------------------------------"
    keystorePass="-------" />

When I access a jsp page manually with
https://localhost:8443/............
works fine.

And my META-INF/web.xml of my application with:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>sescam</web-resource-name>
            <url-pattern>/sescam/Comun/LoginUsuario.jsp</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

I think that this security constraint force tomcat to use https even if
I
acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp,
redirecting automatically to
https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't
work
and i can view without problems the page on non https connection.

What is wrong?

Thanks.

Mariano López


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message