tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert r. Sanders" <robert.sand...@ipov.net>
Subject Re: transport guarantee in server.xml?
Date Tue, 05 Apr 2005 13:31:17 GMT
I'm not am expert, but I don't know of any way other than creating a 
stub web.xml file - it shouldn't have to be much, but I think you're 
going to need it.  Although an alternative would be to have a <Service 
..> element in the server.xml file that has ONLY the SSL 
<Connector.../>, but that seems like even more overkill to me.

Ossie Guy wrote:

>
> In our server.xml (Tomcat 4.1), we have a context that is used to 
> serve up static content (PDFs) that are collected in a directory on 
> our server:
>
> <Context path="/pdf" appBase="" docBase="/path/to/pdfs" 
> reloadable="true"></Context>
>
> There is no war or other webapp involved here, just the folder with 
> the static files, and thus no web.xml either... (Don't worry, we are 
> making much use of the servlet API elsewhere on the same server ;)
>
> Now, we want to serve these files up through SSL - we have the SSL 
> Connector configured correctly, everything's just great, BUT a savvy 
> user can still get the files through non-SSL by changing the URL. So - 
> is there any way to *enforce* that this context is accessed only 
> through SSL?
>
> I have seen documentation suggesting something like the following:
>
> <user-data-constraint transport-guarantee="CONFIDENTIAL"/>
>
> But this goes in web.xml, and again, we have none here - do we need to 
> make one just to enforce this constraint? Or is there some way to 
> enforce this from within the server.xml file itself, perhaps within 
> the above <context> section?
>
> Any help would be appreciated.
>
> Cheers,
> Ossie
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's 
> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message