Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 82053 invoked from network); 8 Jul 2004 14:02:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 8 Jul 2004 14:02:44 -0000 Received: (qmail 80224 invoked by uid 500); 8 Jul 2004 14:02:14 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 80196 invoked by uid 500); 8 Jul 2004 14:02:14 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 80179 invoked by uid 99); 8 Jul 2004 14:02:13 -0000 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE,WEIRD_PORT X-Spam-Check-By: apache.org Received: from [212.190.72.78] (HELO bexsmtp2.europarl.eu.int) (212.190.72.78) by apache.org (qpsmtpd/0.27.1) with ESMTP; Thu, 08 Jul 2004 07:02:11 -0700 Received: from bexsmtp2.europarl.eu.int (localhost [127.0.0.1]) by bexsmtp2.europarl.eu.int (8.11.1 - (Revision 1.4+JAGae91741+JAGae92668)/8.11.1) with ESMTP id i68E21E12031 for ; Thu, 8 Jul 2004 16:02:01 +0200 (METDST) Received: from EPBRUSEX01.ep.parl.union.eu ([136.173.156.10]) by bexsmtp2.europarl.eu.int (8.11.1 - (Revision 1.4+JAGae91741+JAGae92668)/8.11.1) with ESMTP id i68E21G12027 for ; Thu, 8 Jul 2004 16:02:01 +0200 (METDST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: Tomcat 5 with HTTPS to protect a subset of a webapp : pb url-pattern + security constraint Date: Thu, 8 Jul 2004 16:02:06 +0200 Message-ID: <629947F03710AC46840AE42E678ED7FA0B2DC9@EPBRUSEX01.ep.parl.union.eu> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Tomcat 5 with HTTPS to protect a subset of a webapp : pb url-pattern + security constraint Thread-Index: AcRk7Exv/2TqsPLDSEKzrwtPTSPHRgAAOn0w From: "SPIELMANN Christophe" To: "Tomcat Users List" X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Hello there, I use the classic Tomcat 5.0.18 without any modif. I would like to protect a subset of my webapp. to do so, I did the = following stuffs: - I configured my Tomcat to accept SSL - I added a security-constraint in web.xml I am facing the following problems: 1. the url-pattern /frwk/module/admin* does not work. I don't switch to = Https. With a more simple pattern it works fine. 2. In my browser IE5.50 :-( , I got some links = https://localhost:8080/framework... I then get error with those links. I = truly don't understand the logic as when I see the properties of the = page I see https://localhost:8433/framework. And My address bar is also = https://localhost:8433/... ( due to a redirect ? ) 3. I was expecting Tomcat to switch from http to https and then from = http to https when a page is outside the security pattern. It does not = seem to be the case. It would have been to simple I imagine. If Any one has ever done such a thing, I would appreciate your hints. Here are my configs: in web.xml :

Embedded Admin Module Security

Admin module through = actions

/frwk/module/admin*

Admin module through Language Bar with tile as = the forward = /i18n/processLocalization.do\?forward=3Dfrwk\.admin*

Admin module through Language Bar with an = action as the forward = /i18n/processLocalization.do\?forward=3D/frwk/module/admin*<= /url-pattern>

framework

=20 lets use https

CONFIDENTIAL

=20 =09 =20

BASIC

Framework Application

=09 =09 The role that is required to log in to the Administration = Application

framework

In server.xml: =20 Txs, Christophe Spielmann cspielmann@europarl.eu.int =20 --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org