tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Lampert <>
Subject Re: Restricting certain ports to certain contexts?
Date Tue, 16 Oct 2012 21:27:21 GMT
Caldarale, Charles R wrote:

> Read the servlet spec, chapter 13 (the 3.0 version is, unfortunately, harder to comprehend
than the earlier versions).  Put the following in the WEB-INF/web.xml of the webapps you wish
to restrict to HTTPS:
> <user-data-constraint>
>   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> It might be possible to add the above to just the global conf/web.xml file and then override
the global setting for the one unsecured webapp by setting its <transport-guarantee>
to NONE, but I haven't tried it.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message