tomcat-users mailing list archives

From Glen Mazza <grm7...@verizon.net>
Subject Re: Problem moving from HTTP to HTTPS
Date Sat, 02 Sep 2006 07:02:26 GMT
Thank you both.  Removing the <auth-constraint/> element quickly solved 
the problem for me.  So far, I have not run into any MSIE problems with 
this solution; hopefully my luck will continue.  (By default, users will 
be given https:// links anyway; the redirection is only for those who 
might accidentally enter via http://.)

Glen


Bill Barker wrote:

> Yeah, you need to delete the entire <auth-constraint>...</auth-constraint>
> to allow everyone.  However, for MSIE, you may still get problems due to the 
> restricted caching headers that Tomcat adds.
> 
> "Filip Hanik - Dev Lists" <devlists@hanik.com> wrote in message 
> news:44F7639F.6060902@hanik.com...
> 
>><role-name>*</role-name>  <!-- even though I have no roles configured -->
>>
>>the "*" means all the roles that you have defined in web.xml, since you 
>>haven't defined any roles in web.xml, there is nothing to authenticate, 
>>hence it's gonna deny the request
>>
>>Filip
>>
>>
>>Glen Mazza wrote:
>>
>>>Hello,
>>>
>>>I have developed a simple web application running on Tomcat that asks for 
>>>a database username and password and then returns a report in PDF. I'm 
>>>*not* using any of Tomcat's security features for this--no roles for 
>>>example.
>>>
>>>In testing it has been running fine on HTTP, but I would like it to be 
>>>using HTTPS/SSL for production use, and ideally, be redirecting any user 
>>>HTTP requests to HTTPS.  So I created a new keystore and activated the 
>>>HTTPS/SSL connector in the server.xml file.  I also added the following 
>>>security constraint to the web.xml of my web application in order to 
>>>force a redirect from HTTP to HTTPS should the user enter the former:
>>>
>>>    <security-constraint>
>>>        <web-resource-collection>
>>>            <web-resource-name>thewholeapp</web-resource-name>
>>>            <url-pattern>/*</url-pattern>
>>>            <http-method>GET</http-method>
>>>            <http-method>POST</http-method>
>>>        </web-resource-collection>
>>>        <auth-constraint>
>>>            <role-name>*</role-name>  <!-- even though I have no roles configured -->
>>>        </auth-constraint>
>>>        <user-data-constraint>
>>>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>        </user-data-constraint>
>>>    </security-constraint>
>>>
>>>The redirection to the HTTPS page is working, but the HTTPS page itself 
>>>is failing--I keep getting 403 error messages:  "Access to the requested 
>>>resource has been denied".  Note I am *not* doing any form of container 
>>>authentication--that may be the problem, as I'm relying on the DB 
>>>connection string within my web application to authenticate into the 
>>>database.  I get the same message if I go to the https:// URL directly 
>>>and not via redirection.
>>>
>>>How can I get Tomcat to let every user access the HTTPS URL login page 
>>>(letting the database continue to handle the subsequent authentication 
>>>into the DB), preferably while still allowing for the automatic 
>>>redirection from HTTP to HTTPS as listed in the above 
>>><security-constraint/>?
>>>
>>>Thanks,
>>>Glen
>>>
>>>---------------------------------------------------------------------
>>>To start a new topic, e-mail: users@tomcat.apache.org
>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>For additional commands, e-mail: users-help@tomcat.apache.org
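
The explanation given in this thread, turned into a check that can be run over a web.xml before deployment. This is an added example, not code from any of the posters or from Tomcat; the function name lint_web_xml and the finding codes are made up for illustration, and the "*" check assumes the role handling described in the thread. It goes one step beyond the thread by also flagging listed <http-method> elements, since under the Servlet specification a constraint that lists methods applies only to those methods.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the original question, with no
# <security-role> declared anywhere in the descriptor.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>thewholeapp</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def lint_web_xml(xml_text):
    """Return (resource name, finding code) pairs for each <security-constraint>."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # strip '{namespace}' so lookups work on any schema version
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {(r.findtext("role-name") or "").strip()
                for r in root.iter("security-role")}
    findings = []
    for sc in root.iter("security-constraint"):
        name = (sc.findtext("web-resource-collection/web-resource-name") or "?").strip()
        auth = sc.find("auth-constraint")
        if auth is not None:
            roles = [(r.text or "").strip() for r in auth.findall("role-name")]
            if not roles:
                # An auth-constraint naming no role denies every request.
                findings.append((name, "AUTH_EMPTY_DENIES_ALL"))
            elif "*" in roles and not declared:
                # Per the thread: "*" means the roles defined in web.xml; none -> 403.
                findings.append((name, "AUTH_STAR_WITHOUT_ROLES"))
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if guarantee != "CONFIDENTIAL":
            findings.append((name, "NO_HTTPS_GUARANTEE"))
        if sc.find("web-resource-collection/http-method") is not None:
            # Listing methods limits the constraint to them; others are not covered.
            findings.append((name, "UNLISTED_METHODS_UNCOVERED"))
    return findings


if __name__ == "__main__":
    for name, code in lint_web_xml(SAMPLE_WEB_XML):
        print(f"{name}: {code}")
```

On the sample it reports AUTH_STAR_WITHOUT_ROLES (the 403 from the question) and UNLISTED_METHODS_UNCOVERED; with the <auth-constraint> removed, as in the fix reported above, only the second finding remains.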