tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard HALLIER" <fred.lamue...@laposte.net>
Subject RE: SSL
Date Fri, 19 Nov 2004 09:55:31 GMT
Really great ! Thank you a lot for your help !
Richard

-----Message d'origine-----
De : Carl Olivier [mailto:carl@zero-one.co.za]
Envoyé : vendredi 19 novembre 2004 07:10
À : Tomcat Users List
Objet : RE: SSL


Alternatively, if you wish to accept HTTP connections, but redirect (forced
to https) you could add a <security-constraint> to your webapps
/WEB-INF/web.xml - before the </web-app>:

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>HTTP to HTTPS
redirection</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<user-data-constraint>
			<transport-guarantee>
				CONFIDENTIAL
			</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

Thus, both the http and https connectors can exist in the same <Service> -
where you web app host lives, but the WEBAPP ITSELF will ensure that even
http requests to it will be redirected to https.

Be sure to specify the correct redirectPort attribute in your HTTP connector
- to 443 or 8443 depending on what port your HTTPS connector listens on.

Thus, people can request your site/webapp using http - but will be
redirected to https immediately for all requests.

Hope that helps.

Carl

-----Original Message-----
From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com]
Sent: Thursday, November 18, 2004 7:53 PM
To: Tomcat Users List
Subject: RE: SSL


Hi,
Yeah, reorganize your server.xml into two engines, with one connector and
webapp each.  One engine will have the SSL connector and webapp, and the
other engine will have the non-SSL connector and webapp.

Yoav Shapira http://www.yoavshapira.com


>-----Original Message-----
>From: Richard HALLIER [mailto:fred.lamuette@laposte.net]
>Sent: Thursday, November 18, 2004 12:42 PM
>To: Tomcat Users List
>Subject: RE: SSL
>
>Thank you for your reply, but I've omitted to say that I have another
>webapp that is non-ssl, so I must have the two connectors (http, https)
>up.
>Do you have a solution ?
>Really thank you for your help.
>Richard
>
>-----Message d'origine-----
>De : Shapira, Yoav [mailto:Yoav.Shapira@mpi.com] Envoye : jeudi 18
>novembre 2004 18:09 A : Tomcat Users List Objet : RE: SSL
>
>
>
>Hi,
>Comment out the non-SSL connector element in server.xml.
>
>Yoav Shapira http://www.yoavshapira.com
>
>
>>-----Original Message-----
>>From: Richard HALLIER [mailto:fred.lamuette@laposte.net]
>>Sent: Thursday, November 18, 2004 12:02 PM
>>To: tomcat mailing-list
>>Subject: SSL
>>
>>Hi everybody,
>>Sorry if this question has been already asked, but i didnt find any
>>pointers in the archive.
>>I'm in the following context : Tomcat 5.0.x, Connector SSL active.
>>I'd like to prevent everybody from using my webapp with the HTTP
>protocol,
>>in fact I'd like to restrict access to my webapp only to the https
>>protocol.
>>For the moment and with a standard configuration, I can access my
>webapp
>>from http and https protocol ...
>>Thank you for your help.
>>Richard
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>This e-mail, including any attachments, is a confidential business
>communication, and may contain information that is confidential,
>proprietary and/or privileged.  This e-mail is intended only for the
>individual(s)
to
>whom it is addressed, and may not be saved, copied, printed, disclosed
or
>used by anyone else.  If you are not the(an) intended recipient, please
>immediately delete this e-mail from your computer system and notify the
>sender.  Thank you.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential, proprietary
and/or privileged.  This e-mail is intended only for the individual(s) to
whom it is addressed, and may not be saved, copied, printed, disclosed or
used by anyone else.  If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the
sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message