I am currently forcing my app to use https. Here is what I have in my =
app web.xml file and it works as intended
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I also now want to restrict the browser from pulling up files in certain =
directories. Search the web I see to use the following=20
<security-constraint>
<web-resource-collection>
=
<web-resource-name>HTTP-Protected-Resource-1</web-resource-name>
<description>Description here</description>
<url-pattern >/path to directory/path to =
directory/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
These both work independently of each other. What I can=E2=80=99t =
figure out is how to make them work together. When I try that, all =
files are forbidden as it appears the <url-pattern>/*</url-pattern> =
locks everything down. But without it, I cannot get tomcat to force =
http to https.
Can anyone help with this?
Thanks,
Kent Cole
