tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert r. Sanders" <>
Subject Re: transport guarantee in server.xml?
Date Tue, 05 Apr 2005 13:31:17 GMT
I'm not am expert, but I don't know of any way other than creating a 
stub web.xml file - it shouldn't have to be much, but I think you're 
going to need it.  Although an alternative would be to have a <Service 
..> element in the server.xml file that has ONLY the SSL 
<Connector.../>, but that seems like even more overkill to me.

Ossie Guy wrote:

> In our server.xml (Tomcat 4.1), we have a context that is used to 
> serve up static content (PDFs) that are collected in a directory on 
> our server:
> <Context path="/pdf" appBase="" docBase="/path/to/pdfs" 
> reloadable="true"></Context>
> There is no war or other webapp involved here, just the folder with 
> the static files, and thus no web.xml either... (Don't worry, we are 
> making much use of the servlet API elsewhere on the same server ;)
> Now, we want to serve these files up through SSL - we have the SSL 
> Connector configured correctly, everything's just great, BUT a savvy 
> user can still get the files through non-SSL by changing the URL. So - 
> is there any way to *enforce* that this context is accessed only 
> through SSL?
> I have seen documentation suggesting something like the following:
> <user-data-constraint transport-guarantee="CONFIDENTIAL"/>
> But this goes in web.xml, and again, we have none here - do we need to 
> make one just to enforce this constraint? Or is there some way to 
> enforce this from within the server.xml file itself, perhaps within 
> the above <context> section?
> Any help would be appreciated.
> Cheers,
> Ossie
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

    Robert r. Sanders
    Chief Technologist
    (334) 821-5412

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message