tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "SPIELMANN Christophe" <cspielm...@europarl.eu.int>
Subject Tomcat 5 with HTTPS to protect a subset of a webapp : pb url-pattern + security constraint
Date Thu, 08 Jul 2004 14:02:06 GMT

Hello there,

I use the classic Tomcat 5.0.18 without any modif.

I would like to protect a subset of my webapp. to do so, I did the following stuffs:
- I configured my Tomcat to accept SSL
- I added a security-constraint in web.xml

I am facing the following problems:

1. the url-pattern /frwk/module/admin* does not work. I don't switch to Https. With a more
simple pattern it works fine.

2. In my browser IE5.50 :-( , I got some links https://localhost:8080/framework... I then
get error with those links. I truly don't understand the logic as when I see the properties
of the page I see https://localhost:8433/framework. And My address bar is also https://localhost:8433/...
( due to a redirect ? )

3. I was expecting Tomcat to switch from http to https and then from http to https when a
page is outside the security pattern. It does not seem to be the case. It would have been
to simple I imagine.

If Any one has ever done such a thing, I would appreciate your hints.


Here are my configs:

in web.xml :

	<!-- Define a security constraint on this application -->
	<security-constraint>
      <display-name>Embedded Admin Module Security</display-name>
       <!-- Define the context-relative URL(s) to be protected -->       
	  <web-resource-collection>
		    <web-resource-name>Admin module through actions</web-resource-name>
		    <url-pattern>/frwk/module/admin*</url-pattern>
	  </web-resource-collection>
	  <web-resource-collection>
		    <web-resource-name>Admin module through Language Bar with tile as the forward</web-resource-name>
		    <url-pattern>/i18n/processLocalization.do\?forward=frwk\.admin*</url-pattern>
	  </web-resource-collection>
	  <web-resource-collection>
		    <web-resource-name>Admin module through Language Bar with an action as the forward</web-resource-name>
		    <url-pattern>/i18n/processLocalization.do\?forward=/frwk/module/admin*</url-pattern>
	  </web-resource-collection>
	  <auth-constraint>
	        <!-- Anyone with one of the listed roles may access this area -->
    	<role-name>framework</role-name>
	  </auth-constraint>
	  <user-data-constraint> 
		   <description>lets use https</description>
	  	   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 	  </user-data-constraint> 
	</security-constraint> 	
	  
	<!-- Define the login configuration for this application -->
	<login-config>
		  <auth-method>BASIC</auth-method>
		  <realm-name>Framework Application</realm-name>
	</login-config>	
	
	<!-- Security roles referenced by this web application -->
	<security-role>
	  <description>
    	The role that is required to log in to the Administration Application
	  </description>
	  <role-name>framework</role-name>
	</security-role>

In server.xml:

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" port="8080"
redirectPort="8443" allowTrace="true">
    </Connector>
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystorePass="tomcat" keystoreFile="c:/DGPE/jakarta-tomcat-5.0.18/certificates/keystore"
>
    </Connector>           


Txs,
Christophe Spielmann
cspielmann@europarl.eu.int
 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message