Hi! stuart
I wish to make password-login page(secure pages)access through HTTPS.
For this I uncommented the "8443" port code in tomcat server.xml and has
redirectPort="8443" in 8080 port code.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="c:\keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS" />
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="150" connectionTimeout="20000"
enableLookups="false"
redirectPort="8443" />
In Dpsace web.xml (given below), I added the following security
constraints. Are there any modifications to be made in source code for
activating HTTPS access for password-login page and other secure pages?
I have gone through the link sent by Stuart.
http://wiki.dspace.org/index.php/ServletSecurity. Any help is
appreciated in this. Will these changes effect handlers in DSpace.
Thanks,
Jayan
<security-constraint>
<web-resource-collection>
<web-resource-name>
Protected Site
</web-resource-name>
<url-pattern>/profile</url-pattern>
<url-pattern>/register</url-pattern>
<url-pattern>/password-login</url-pattern>
<url-pattern>/ldap-login</url-pattern>
<http-method> DELETE </http-method>
<http-method> GET </http-method>
<http-method> POST </http-method>
<http-method> PUT </http-method>
</web-resource-collection>
<auth-constraint>
<!-- Roles that have access -->
<role-name> test </role-name>
</auth-constraint>
</security-constraint>
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
