tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Øyvind Vestavik <>
Subject Re: Any mod_webapp + <user-data-constraint> gotchas in 4.0?
Date Mon, 22 Apr 2002 09:25:29 GMT

I am way over my head here, but I once made a servlet whos methods should
only bee accessed over SSL. I Just made a secure port on 8443.
In my code I wrote

if (!request.isSecure)
   //make (using request.getHost() .getServletContext and so
     on (all though I didn't find a dynamic way to find the port of the
     server running SSL)
   //request is made over https. Proceed

Probably didn't answer your question, but..


Øyvind Vestavik
Øvre Møllenberggt 44b
7014 Trondheim

On Fri, 19 Apr 2002, Cavan Morris wrote:

> Hey guys,
> I'm getting ready to go live with my webapp and need to ensure confidentiality on my
credit card billing page.
> I'm running Tomcat 4.0.2 on Redhat 7.2 with apache 2.0.32 and mod_webapp 1.0.2.  I just
got my ssl certificate from verisign and set up apache to require ssl on port 443.  HTTPS
request to the site work great.
> I am trying to user the following security constraint in my web.xml to require ssl in
certain areas.
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>SSL Area</web-resource-name>
>         <url-pattern>/user/*</url-pattern>
>     </web-resource-collection>
>     <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
> I also set the redirect port on my warp connector like so in server.xml
> <Connector className="org.apache.catalina.connector.warp.WarpConnector"
>      port="8008" minProcessors="5" maxProcessors="75"
>      enableLookups="false" redirectPort="443"
>      acceptCount="10" debug="0"/>
> The result...  Absolutely Nothing.
> The changes have no discernable effect, /user/* is not redirected.
> It may be important to note that I also have a standalone HTTP connector running that
does is set to redirect to port 8443 but the site is being accessed through the warp connector.
> What am I missing here??  Any thoughts on this would be very helpful.
> -Cavan Morris
> --
> To unsubscribe:   <>
> For additional commands: <>
> Troubles with the list: <>

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message