tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dhaval Patel <dhava...@yahoo.com>
Subject Re: yet another SSL question
Date Fri, 05 Jan 2007 23:24:48 GMT
Try this:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure servlet</web-resource-name>
            <url-pattern>/path/to/servlet/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Regards,
D

--- Jan Strauch <waynel@web.de> wrote:

> Hello world!
> 
> My problem :
> 
> I want some of my servlets to be accessible only when HTTPS is used:
>     https:/<path to servlet> succeeds
>     http:/<path to servlet> gives an error
> 
> The first step seems to work, but when i have logged in into the secure area,
> load a page using https, delete the "s" and reload, the page is also loaded.
> 
> How do i block the unsecured reload?
> 
> I tried some of the hints for JSPs, but they seem not to work with servlets.
> 
> My web.xml:
> 
> <web-app>
>         <servlet>
>                 <servlet-name>myServlet</servlet-name>
>                 <servlet-class>myServlet</servlet-class>
>         </servlet>
>             ... more servlets...
>         <servlet-mapping>
>                 <servlet-name>myServlet</servlet-name>
>                 <url-pattern>path to myServlet</url-pattern>
>         </servlet-mapping>
>         ... more servlets...
> </web-app>
> 
> What security-constraints do i need, and where do i have to put them?
> 
> Thank you 
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message