tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Hansen <joe.hansen...@gmail.com>
Subject Help with security-constraint in web.xml
Date Mon, 04 Jan 2010 21:53:40 GMT
Hey all,

We are using Tomcat 6.0 / Apache 2.2. We would like the user to login
over HTTPS rather than plain HTTP.

So, I have defined the following security-constraint in the web.xml
file of our web application:

	<security-constraint>
	  	<display-name>Login</display-name>

  		<web-resource-collection>
     		<web-resource-name>Login</web-resource-name>
		    <url-pattern>/spring_security_login</url-pattern>
 			<http-method>GET</http-method>
 			<http-method>POST</http-method>
		</web-resource-collection>

  		<user-data-constraint>
     		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

When a user clicks on the login link <a
href="/spring_security_login">Login</a>, he/she is redirected to the
following URL and the browser shows an "Unable to connect" error:
https://ourwebsite.com:8443/spring_security_login

What do I need to do so that the user is directed to
https://ourwebsite.com/spring_security_login instead (which, displays
the login page correctly). i.e. I do not want a port number in the
URL.

Please advise.

Thank you!
Joe

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message