tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fp...@adinet.com.uy
Subject security-constraint in web.xml
Date Sat, 14 Aug 2004 13:41:00 GMT
Hello, how are you?
I need help to configure a secure application.
I am trying to request client certificate in only one page and force to
use SSL in the entire application.

I put the following in the web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>certificates</web-resource-name>
            <url-pattern>/certificates/add.action</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
         <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>


If I add a new url pattern, this page will request client certificate too.
How can I force to use SSL without require cliente certificate but still
require it in a specific page?

I hope that you can understand me. If you need more information or clarify
something, please let me know.

Thank you very much in advanced.
Fabian



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message