tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: combining form based authentication with https
Date Sat, 01 Oct 2005 14:44:31 GMT
Peddireddy Srikanth wrote:
> Hi all,
> 
> I have a basic doubt  If there are any resoursec which will me on this
> please point me towards them. I will carry on from there.
> 
> My question is how to combine the form based authentication, where we use
> "jsecuritycheck" , "jusername" etc with https.
> As far as I know if we use form based authentication username and
> password will be authenticated by the container managed resource
> called 'jsecuritycheck". But the data transfer from client browser to
> tomcat will be still a plain text. i want to encrypt this and
> obviously i need to use https.
> So how to combine both  and how tomcat wil help me doping this??

Providing you have an https connector configured, you can use 
something like this in your <security-constraint>

<user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

See the spec for more details.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message