tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Brownell <...@technologist.com>
Subject SSL and Tomcat - can't secure individula pages
Date Fri, 21 Oct 2005 14:13:40 GMT
All,

My whole site, all pages, are redirected to port 443 - everything is 
secure.  I only wanted the *.htm and the single file login.jsp to use 
https.

I have set up tomcat 5.5.9 with SSL as follows:

server.xml:


   <!-- Define a non-SSL HTTP/1.1 Connector on port (8080 changed to 
9123 -->
   <Connector port="80" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" redirectPort="443" acceptCount="100"
              connectionTimeout="20000" disableUploadTimeout="true" />

   <!-- Define a SSL HTTP/1.1 Connector on port 443 -->
   <Connector port="443" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
               keystoreFile="/etc/.keystore"
               keystorePass="xxxxxxxx"
              clientAuth="false" sslProtocol="TLS" />

and web.xml:

<security-constraint>
     <web-resource-collection>
       <web-resource-name>secure pages</web-resource-name>
       <url-pattern>*.htm</url-pattern>
     </web-resource-collection>
     <web-resource-collection>
       <web-resource-name>secure pages</web-resource-name>
       <url-pattern>/login.jsp</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>
</web-app>


What am I doing wrong? I thought the <web-resource-collection> in 
<security-constraint> was there to identify which pages should be secure?

Thanks.

Greg.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message