I have updated a site from tomcat 4 to tomcat 5 and my link that used to
redirect to a secure site now fails. I see the webpage tying to connect
with my internal IP address instead of the external URL that the request
came in one. If I connect to https://www.x.com and hit the link to the
secure page my page displays correctly. But if I hit it from
http://www.x.com <http://www.x.com/> the secure page does not display.
The page that displays has not changed. It has a relative link to the
webapp that I want to have as secure.
I have the server.xml connectors defined:
<Connector port="80" minThreads="150" maxSpareThreads="75"
minSpareThreads="25"
enableLookups="true" redirectPort="443"
acceptCount="100" debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:\tomcat\conf\keystore.ks" />
and the following in the web.xml of my application I wish to have
available only as secure:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
What have I missed?
Jmoore
|