tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mariano" <mlo...@sescam.org>
Subject RE: combined http and https
Date Mon, 14 Jun 2004 08:03:25 GMT
Do you have well configured Tomcat's server.xml file for SSL connections ?

For example:
<Connector port="8443" maxThreads="150"
	     minSpareThreads="25" maxSpareThreads="75"
	     enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
           keystoreFile="/...../.../Tomcat's SSL File"
keystorePass="........"/>

And well generated certificate necesary for SSL ?:

1.	If you are running a 1.3 JVM, download JSSE 1.0.3 (or later) from
http://java.sun.com/products/jsse/ and either make it an installed extension
on the system, or else set an environment variable JSSE_HOME that points at
the directory into which you installed JSSE.
2.	Create a certificate keystore by executing the following command:

	Windows:%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
	Unix:$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

	and specify a password value of "changeit".
3.	Uncomment the "SSL HTTP/1.1 Connector" entry in
$CATALINA_HOME/conf/server.xml and tweak as necessary.

And, please don't send e-mails to private address, always to Tomcat list
address.

Mariano López

-----Mensaje original-----
De: José Manuel Prada Sierra [mailto:petinboy@hotmail.com]
Enviado el: viernes, 11 de junio de 2004 12:57
Para: mlopez@sescam.org
Asunto: RE: combined http and https


Hi Mariano.
This is my web.xml file:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">

<web-app>
  <servlet>
    <servlet-name>webdes</servlet-name>
    <servlet-class>org.apache.turbine.Turbine</servlet-class>
    <init-param>
      <param-name>applicationRoot</param-name>
      <param-value>webContext</param-value>
    </init-param>
    <init-param>
      <param-name>properties</param-name>
      <param-value>/WEB-INF/conf/TurbineResources.properties</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <security-constraint>
     <web-resource-collection>
       <web-resource-name>SSL Pages</web-resource-name>
       <url-pattern>/templates/app/screens/secure/Index.vm</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>templates</web-resource-name>
      <url-pattern>/templates/*</url-pattern>
   </web-resource-collection>
   <web-resource-collection>
      <web-resource-name>logs</web-resource-name>
      <url-pattern>/logs/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Templates</realm-name>
  </login-config>
</web-app>

I have done you said, but the protocol don't change. Always http or https.
http://193.144.50.84:8080/webdes/servlet/webdes
https://193.144.50.84:8443/webdes/servlet/webdes
but never change the http to https.
I don't know that I can be wrong.
I have any error message, the protocol simply don't change and i don't know
what to do.
Thanks by your interesting.
Regards.





Hi José Manuel, if you have already configured your tomcat to work with SSL
you can filter all pages you want with the following lines in web.xml
context file:

<security-constraint>
     <web-resource-collection>
       <web-resource-name>SSL Pages</web-resource-name>
       <url-pattern>/Comun/MyPage.jsp</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>

You can use wildcards in <url-pattern> like '*'...

But i have a problem too, when i like to pass from http to https this work
fines, but from https to http i don't have a definitely solution yet.

Regards

Mariano López

-----Mensaje original-----
De: José Manuel Prada Sierra [mailto:petinboy@hotmail.com]
Enviado el: lunes, 31 de mayo de 2004 12:57
Para: tomcat-user@jakarta.apache.org
Asunto: combined http and https



Hi. I have an application that it was build using  tdk (turbine development
kit) and postgresql.
I have configured tomcat with http 8080 and https 8443 but i only use http
or https and i do not know how to combined both protocols. In my application
i have a section that is accesible typing login and password, but i need
that when an user link to this section, to activate the protocol https.
could somebody tell me the way to do it? Thank you.
Sorry for my english. I am a spanish.

_________________________________________________________________

_________________________________________________________________
De todo para la Mujer Latina http://latino.msn.com/mujer/


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message