Hi again,
After some changes to my security-constraint tag I finally got the HTTP
request to be redirected to its equivalent HTTPS request. However, this time I
get an error as follows:
Apache Tomcat/4.0.1 - HTTP Status 500 - Configuration error: Cannot perform
access control without an authenticated principal
type Status report
message: Configuration error: Cannot perform access control without an
authenticated principal
description: The server encountered an internal error (Configuration error:
Cannot perform access control without an authenticated principal) that
prevented it from fulfilling this request.
Is there no way I can use a secure transport without creating a principal in
Tomcat. I do my own authentication. I do not want to use tomcat-users.xml etc. I
just want the transport to be SSL.
Here's how my tag looks like:
security-constraint
web-resource-collection
web-resource-nameconsole/web-resource-name
url-pattern/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web-resource-collection
auth-constraint
role-name*/role-name
/auth-constraint
user-data-constraint
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
/security-constraint
Thanks a lot.
Sincerely,
-Ratnadeep.
- Begin Forwarded Message -
Hello all,
I am having some problems getting automatic redirection to HTTPS working. What I
want do is as follows:
If the user types a URL http://host:port/myapp it should be redirected to
https://host:secure_port/myapp. If you had encountered this problem and found a
solution could you please share it with me.
I followed the instructions in servlet 2.3 spec and Tomcat and added the
security-constraint tag but it did not work for me. Should the web-resource-name
tag match a real web resource - or can it be any arbitrary name?
security-constraint
web-resource-collection
web-resource-namelogon/web-resource-name
url-pattern/console/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web-resource-collection
user-data-constraint
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
/security-constraint
I am running Tomcat 4.0.1.
Thanks.
-Ratnadeep.
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]