tomcat-users mailing list archives

From "Diego Armando Gusava" <diegogus...@gmail.com>
Subject Re: j_security_check with https
Date Tue, 06 Jan 2009 18:36:49 GMT
"Form Based Authentication has the same lack of security as Basic
Authentication since the user password is transmitted as plain text
and the target server is not authenticated. Again additional protection
can alleviate some of these concerns: a secure transport mechanism (HTTPS)."

I want a "secure transport mechanism (HTTPS)".

How can I do it?

2009/1/6 Diego Armando Gusava <diegogusava@gmail.com>:
> Let me explain.
>
> When I try to access mySecurePath, for example, Tomcat shows me a login
> page with https, but after that I don't need, for example, to be on https,
> because I only need to send the username and password protected.
>
> I want only login.jsp to need https!!
>
>
>
> 2009/1/6 Pid <p@pidster.com>:
>> Diego Armando Gusava wrote:
>>>  I don't know how to request j_security_check on https!
>>>
>>>  I attempted http://wiki.apache.org/tomcat/SSLWithFORMFallback but it didn't work
>>
>> I think the above attempts to find an SSL cert, but falls back to FORM
>> auth.  Which isn't perhaps what you want?
>>
>>>  <login-config>
>>>    <!--<auth-method>FORM</auth-method>-->
>>>    <form-login-config>
>>>      <form-login-page>/login.do</form-login-page>
>>>      <form-error-page>/login/loginError.jsp</form-error-page>
>>>    </form-login-config>
>>>  </login-config>
>>
>> Set <transport-guarantee>CONFIDENTIAL</transport-guarantee> in the
>> security constraint section, as below.  Ensure that you have an SSL
>> enabled connector and that the redirect port on the normal connector
>> matches the SSL port.
>>
>>  <security-constraint>
>>    <web-resource-collection>
>>      <web-resource-name>Protected Area</web-resource-name>
>>
>>      <url-pattern>/mySecurePath/</url-pattern>
>>
>>      <http-method>GET</http-method>
>>        ...
>>      <http-method>POST</http-method>
>>    </web-resource-collection>
>>    <auth-constraint>
>>      <role-name>rolename</role-name>
>>    </auth-constraint>
>>    <user-data-constraint>
>>      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>    </user-data-constraint>
>>  </security-constraint>
>>
>> p
>>
>>
>>>  Tomcat redirects to HTTP!
>>>
>>>  cheers
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>
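
Added example (not part of the original thread and not Tomcat project code): a small Python check for the advice quoted above, that protected constraints carry CONFIDENTIAL and that the plain connector's redirectPort points at an SSL connector. The template strings, the ports 8080/8443/443 and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _named(root, name):
    """All descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    hits = _named(elem, name)
    return (hits[0].text or "").strip() if hits else None

def audit(web_xml, server_xml):
    # Returns a list of findings; an empty list means the two files agree.
    findings = []
    web, srv = ET.fromstring(web_xml), ET.fromstring(server_xml)
    # The parser drops comments, so a commented-out auth-method reads as absent.
    if _text(web, "auth-method") != "FORM":
        findings.append("login-config: auth-method is not FORM")
    for sc in _named(web, "security-constraint"):
        if _named(sc, "auth-constraint") and _text(sc, "transport-guarantee") != "CONFIDENTIAL":
            findings.append("constraint '%s': transport-guarantee is not CONFIDENTIAL"
                            % _text(sc, "web-resource-name"))
    connectors = _named(srv, "Connector")
    def is_ssl(c):
        return c.get("SSLEnabled", "").lower() == "true" or c.get("scheme") == "https"
    ssl_ports = {c.get("port") for c in connectors if is_ssl(c)}
    if not ssl_ports:
        findings.append("server.xml: no SSL-enabled connector")
    for c in connectors:
        if not is_ssl(c) and c.get("redirectPort") not in ssl_ports:
            findings.append("connector %s: redirectPort %s is not an SSL connector port"
                            % (c.get("port"), c.get("redirectPort")))
    return findings

# Constructed sample input (not the poster's real files); %s marks the varied part.
WEB_TMPL = """<web-app><security-constraint>
  <web-resource-collection><web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/mySecurePath/</url-pattern></web-resource-collection>
  <auth-constraint><role-name>rolename</role-name></auth-constraint>
  %s
</security-constraint>
<login-config><auth-method>FORM</auth-method></login-config></web-app>"""
GUARANTEE = ("<user-data-constraint><transport-guarantee>CONFIDENTIAL"
             "</transport-guarantee></user-data-constraint>")
SERVER_TMPL = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="%s"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"/>
</Service></Server>"""

if __name__ == "__main__":
    print(audit(WEB_TMPL % "", SERVER_TMPL % "443"))
```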
