tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Rainer" <>
Subject AW: Service available for HTTPS only? (no HTTP)
Date Wed, 01 Jul 2009 10:42:55 GMT

thanks for answering.

In my web.xml file I don't find any entry corresponding my service. 
It seems to be the default web.xml file provided by Axis 1.3.

I did some researches on your keywords "<transport-guarantee>" and
"CONFIDENTIAL" but I could not find something usefull.

In my point of view, it will probably be the easiest way to install two
Axis-servlets in the Tomcat.
One for HTTP and one for HTTPS. Then I can deploy the services either for
HTTP or for HTTPS.

Does anyone know how I can configure my Axis servlet to only handle HTTPS
Is the difference between HTTP and HTTPS forwared from Tomcat to Axis? Does
it know it?

Regards & Many Thanks in advance

-----Ursprungliche Nachricht-----
Von: Caldarale, Charles R []
Gesendet: Dienstag, 30. Juni 2009 19:08
An: Tomcat Users List
Betreff: RE: Service available for HTTPS only? (no HTTP)

> From: Stefan Rainer []
> Subject: Service available for HTTPS only? (no HTTP)
> The service XY can still be called via HTTP (without SSL).
> ==> Does anyone knows a trick to "avoid" calls via HTTP to this
> service?

Read the servlet spec, the contents of which are intentionally *not*
duplicated in the Tomcat docs.

Specifically, set a <transport-guarantee> of CONFIDENTIAL in your webapp's
WEB-INF/web.xml file.  See the servlet spec for exact details.

 - Chuck

MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message