tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: j_security_check with https
Date Tue, 06 Jan 2009 18:19:41 GMT
Diego Armando Gusava wrote:
>  i dont know how to request j_security_check on https!
> 
>  i attemped http://wiki.apache.org/tomcat/SSLWithFORMFallback but didnt work

I think the above attempts to find an SSL cert, but falls back to FORM
auth.  Which isn't perhaps what you want?

>  <login-config>
>                  <!--<auth-method>FORM</auth-method>-->
>                   <form-login-config>
>                       <form-login-page>/login.do</form-login-page>
>                      <form-error-page>/login/loginError.jsp</form-error-page>
>                   </form-login-config>
>  </login-config>

Set <transport-guarantee>CONFIDENTIAL</transport-guarantee> in the
security constraint section, as below.  Ensure that you have an SSL
enabled connector and that the redirect port on the normal connector
matches the SSL port.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>

      <url-pattern>/mySecurePath/</url-pattern>

      <http-method>GET</http-method>
	...
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>rolename</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

p


>  tomcat redirect to Http!
> 
>  cheers
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message