tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor S." <>
Subject Re: Problems with forwaring HTTP to HTTPS
Date Thu, 01 Dec 2011 17:05:06 GMT

thanks for your comment and thanks for pointing me to the right direction.

I guess this one is the matching excerpt from the specs:

===== [snip ]========

The combination of user-data-constraints that apply to a common
urlpattern and http-method shall yield the union of connection types
accepted by
the individual constraints as acceptable connection types. A security constraint
that does not contain a user-data-constraint shall combine with other
userdata-constraints to cause the unprotected connection type to be an
connection type.
===== [snap ]========

As Jeffrey mentioned, I guess I'll have to byte the bullet, but before
doing that, I'll try my luck writing a valve forwarding all http to

Still, I guess the specs do have some room for improvement here,
meaning, it would be more than helpful if default settings could be
specified inside the global deployment descriptor. Wondering if I'm
the first person missing such a feature.



On Thu, Dec 1, 2011 at 3:43 PM, Mark Thomas <> wrote:
> On 30/11/2011 18:32, Gregor S. wrote:
>> My understanding was, that in the global web.xml
>> ($catalina.home/conf/web.xml) the defaults are specified and promoted
>> to all webapps. But it seems as the webapp doesn't inherit the element
>> <user-data-constraints> from the global web.xml if it specifies it's
>> own <security-constraints> - my expectation was, that it inherits
>> those elements not specified inside the webapp's
>> deployment-descriptor.
> Your understanding is wrong.
> You need to read the 2.5 servlet specification, particularly section
> SRV.12.7.1.
> Mark
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message