Inheritance of deployment-descriptor / problems with forwarding HTTP to HTTPS

2011-12-01 Thread Gregor S.
Dear list,

sorry to bug you with this, but I asked my question already in tomcat
user list, alas, no answer yet :(

Since I couldn't find any information in the docs, I'm wondering if
one of the committers could shed some light on how the inheritance /
defaulting of the deployment-descriptor works inside of tomcat?

It's NOT about how to forward http to https but it's about how the
default web.xml-settings are inherited to any webapp's web.xml.

I'd really, really appreciate it if somebody could give me a hint here.

TIA

Gregor


I want to forward all incoming HTTP-traffic to HTTPS.

Within my $catalina.home/conf/server.xml I've specified the following
connectors:

   <Connector port="80" protocol="HTTP/1.1"
              connectionTimeout="2"
              redirectPort="443" />

   <Connector port="443" maxHttpHeaderSize="8192"
              maxThreads="150"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              SSLEnabled="true"
              SSLCertificateFile="${catalina.base}/conf/test.dom.crt"
              SSLCertificateKeyFile="${catalina.base}/conf/test.dom.key" />

Then I specified in $catalina.home/conf/web.xml the following
transport-guarantee:

       <security-constraint>
               <web-resource-collection>
                       <web-resource-name>Protected Context</web-resource-name>
                       <url-pattern>/*</url-pattern>
               </web-resource-collection>
               <user-data-constraint>
                       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
               </user-data-constraint>
       </security-constraint>

In my webapp, additionally I also specified some additional
security-constraints as follows:

   <security-constraint>
       <web-resource-collection>
               <web-resource-name>Protected Area</web-resource-name>
               <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
               <role-name>someuser</role-name>
       </auth-constraint>
   </security-constraint>

However, when I call the webapp using http://mywebapp.something, it is
not redirected to HTTPS but the HTTP-scheme is used.

However, when I remove the security-constraints from
$catalina.base/conf/web.xml and change the webapp's
deployment-descriptor to

   <security-constraint>
       <web-resource-collection>
               <web-resource-name>Protected Area</web-resource-name>
               <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
       <!-- describes the valid roles for this app -->
       <auth-constraint>
               <role-name>domuser</role-name>
       </auth-constraint>
   </security-constraint>

it's working.

My understanding was, that in the global web.xml
($catalina.home/conf/web.xml) the defaults are specified and promoted
to all webapps. But it seems as the webapp doesn't inherit the element
user-data-constraints from the global web.xml if it specifies its
own security-constraints - my expectation was, that it inherits
those elements not specified inside the webapp's
deployment-descriptor.

Is it such, that if I specify security-constraints in my local
webapp, the global settings in $catalina.home/conf/web.xml are always
overwritten? If not - where does the inheritance start and where does
it end?

My business-case is, that I do have a whole bunch of webapps which
have to be re-directed to HTTPS, each of them having their own
security-constraints since you'll have to login to access them, and
additionally multiple domains, so that changing each
deployment-descriptor is giving me a major headache.

I couldn't find anything in the documentation  - or let me re-phrase
it: I understood it that way that each element is inherited from the
global deployment-descriptor if not specified in the webapp's own
deployment-descriptor.

If somebody could shed some light here or point me to the right docs,
that would be great.

My configuration:

Using CATALINA_BASE:   /home/tomcat/local/apache-tomcat-6.0.33
Using CATALINA_HOME:   /home/tomcat/local/apache-tomcat-6.0.33
Using CATALINA_TMPDIR: /home/tomcat/local/apache-tomcat-6.0.33/temp
Using JRE_HOME:        /usr/lib/jvm/java-6-sun
Using CLASSPATH:       /home/tomcat/local/apache-tomcat-6.0.33/bin/bootstrap.jar
Server version: Apache Tomcat/6.0.33
Server built:   Aug 16 2011 02:16:34
Server number:  6.0.33.0
OS Name:        Linux
OS Version:     2.6.26-2-686
Architecture:   i386
JVM Version:    1.6.0_26-b03
JVM Vendor:     Sun Microsystems Inc.

I'm also using the APR, thus using OpenSSL as SSL-implementation.

TIA

Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
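
An added example, not part of the original post or of Tomcat's code: the Servlet specification combines security constraints that share a url-pattern by taking the union of accepted connection types, and a constraint without a user-data-constraint accepts any connection. The script applies that rule to constructed copies of the two descriptors above to flag patterns where plain HTTP stays acceptable; it ignores http-method and assumes both descriptors contribute constraints to the same context.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors mirroring the two constraints in the message above.
GLOBAL_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Context</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

WEBAPP_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>someuser</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    # Strip an XML namespace so namespaced descriptors parse too.
    return tag.rsplit("}", 1)[-1]

def constraints(xml_text):
    """Yield (url_pattern, transport_guarantee) for every security-constraint."""
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns, guarantee = [], "NONE"  # no user-data-constraint means NONE
        for el in sc.iter():
            if local(el.tag) == "url-pattern":
                patterns.append((el.text or "").strip())
            elif local(el.tag) == "transport-guarantee":
                guarantee = (el.text or "").strip().upper()
        for pattern in patterns:
            yield pattern, guarantee

def plain_http_allowed(*descriptors):
    """Map each url-pattern to True when the combined constraints accept plain HTTP."""
    seen = {}
    for xml_text in descriptors:
        for pattern, guarantee in constraints(xml_text):
            seen.setdefault(pattern, set()).add(guarantee)
    # One constraint accepting any connection makes the union accept plain HTTP.
    return {pattern: "NONE" in found for pattern, found in seen.items()}
```

Running `plain_http_allowed` over the global descriptor plus every webapp's `WEB-INF/web.xml` lists the patterns where a webapp constraint needs its own `CONFIDENTIAL` transport-guarantee.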


Question regarding of an implementation of a custom Valve

2011-10-21 Thread Gregor S.
Hi guys,

for some reasons, I need to implement a Valve within Tomcat 6, and
everything's running smoothly.

I put the Valve into my Context-definition, fire up Tomcat and there we go.

However, I just don't see how I can access any parameters inside the
Valve-specification inside the Context-definition.

Let's say I have the following Valve-definition inside my Context:

<Valve className="com.cr.web.util.LoginValve"
   path="somePath"/>

How can I access the attribute path in the above definition?

I looked up the source of AccessLogValve, but I didn't see any
browsing of the <Valve/>

Is it that I just have to specify a getter / setter inside my
Valve-source for the corresponding attribute inside the
Valve-specification, and it will be picked up automatically?

Sorry if this is a lame question, but I'm not into Tomcat's source,
and before spending hours and hours, I'd rather ask the guys who
should know ;)

TIA!

Gregor

-- 
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
