tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Lampert <jam...@touchtonecorp.com>
Subject Re: Restricting certain ports to certain contexts?
Date Tue, 16 Oct 2012 21:27:21 GMT
Caldarale, Charles R wrote:

> Read the servlet spec, chapter 13 (the 3.0 version is, unfortunately, harder to comprehend
than the earlier versions).  Put the following in the WEB-INF/web.xml of the webapps you wish
to restrict to HTTPS:
> 
> <user-data-constraint>
>   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> 
> It might be possible to add the above to just the global conf/web.xml file and then override
the global setting for the one unsecured webapp by setting its <transport-guarantee>
to NONE, but I haven't tried it.

Thanks.

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message