At 04:22 PM 6/2/2004, you wrote:
> There is a web.xml file in my catalinahome/conf
> directory. I have read that according to some
> specifications somewhere, I should also have a web.xml
> in every WEB-INF directory for each application. Does
> the main web.xml file apply to all applications, and
> the WEB-INF web.xml just add settings to the specific
> applications, or does it OVERRIDE the main web.xml (so
> I would need to include ALL the entries found in the
> main file in ALL of the application level web.xml
> files)?
The app-specific web.xml extends the global one (information
defined in the app-specific one overrides the global one, but
any information not overridden is inherited).
> And what would an entry look like to force one
> specific file to re-direct to the secure port? I can
> only find very vague examples that secure entire
> applications.
This is a Servlet spec thing -- see SRV.12.8 (Servlet 2.3).
It's basically something like this in your web.xml (no
guarantees for code correctness here, but it should get you
started):
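    <security-constraint>
      <web-resource-collection>
        <!-- Required by the web.xml DTD; the name is a free-form label (placeholder) -->
        <web-resource-name>Secure area</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <!-- CONFIDENTIAL makes the container require an encrypted transport (SSL) -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>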
> Thanks for the help thus far,
> Justin Jaynes
No problem. Good luck.
justin
--- Justin Ruthenbeck <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> Square peg, round hole.
>
> It seems like the only reason you've split these
> into multiple hosts is
> to differentiate between secure and non-secure
> communication -- that's a
> bad idea. From what you've said, the best approach
> is to put all of the
> JSPs for (A) and (C) in the same webapp, but set
> <security-constraint>s
> for those resources (C) that require https.
>
> See:
>
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>
> What you're describing here is a deployment-time
> problem -- it shouldn't
> impact your code in a major way like distributed
> sessions would cause.
>
> justin
>
>
> At 02:56 PM 6/2/2004, you wrote:
> >Hello,
> >
> >I am running Tomcat 5.0.25 on SuSE Linux 9.1. I am
> >running ONE Tomcat server with two services:
> >
> >1. Standalone on port 80, with two hosts:
> >   A. A basic shopping site with a CartBean.java
> >      that I set scope=session when I call it from
> >      JSP's.
> >   B. Another not related host.
> >
> >2. Standalone SECURE on port 443, with two hosts:
> >   C. The secure checkout site for host A (above)
> >   B. Another secure, but not related, host.
> >
> >My cart.jsp on host A uses checkout.jsp on host C to
> >process the request. However, the session with
> >CartBean objects does not carry over. How do I keep
> >my session alive from host to host on the same server?
> >And what if I decide to move the host C to another
> >server on another machine? Then what?
> >
> >Or is this the wrong approach? Is there a way to have
> >SOME secure jsp's on the same host as some non-secure
> >jsp's?
> >
> >And do I HAVE to have a WEB-INF directory for both
> >hosts, or could they somehow share a WEB-INF directory
> >so I only have to maintain ONE set of classes? I
> >tried using symbolic-link WEB-INF's to one big WEB-INF
> >directory, but it did NOT work.
> >
> >Justin Jaynes
> >
> >
> >
> >
> >__________________________________
> >Do you Yahoo!?
> >Friends. Fun. Try the all-new Yahoo! Messenger.
> >http://messenger.yahoo.com/
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
> ______________________________________________
> Justin Ruthenbeck
> Software Engineer, NextEngine Inc.
> justinr - AT - nextengine DOT com
> Confidential. See:
> http://www.nextengine.com/confidentiality.php
> ______________________________________________
>
>
>
______________________________________________
Justin Ruthenbeck
Software Engineer, NextEngine Inc.
justinr - AT - nextengine DOT com
Confidential. See:
http://www.nextengine.com/confidentiality.php
______________________________________________