automatic redirection to HTTPS

[Ratnadeep Bhattacharjee]

Hello all,

I am having some problems getting automatic redirection to HTTPS working. What I 
want do is as follows:

If the user types a URL http://host:port/myapp it should be redirected to 
https://host:secure_port/myapp. If you had encountered this problem and found a 
solution could you please share it with me. 

I followed the instructions in servlet 2.3 spec and Tomcat and added the 
security-constraint tag but it did not work for me. Should the web-resource-name 
tag match a real web resource - or can it be any arbitrary name?
 
  security-constraint
   web-resource-collection
 web-resource-namelogon/web-resource-name
url-pattern/console/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
   /web-resource-collection
   user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
   /user-data-constraint
  /security-constraint

I am running Tomcat 4.0.1. 

Thanks.

-Ratnadeep.



--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

automatic redirection to HTTPS

[Ratnadeep Bhattacharjee]

Hi again,

After some changes to my security-constraint tag I finally got the HTTP 
request to be redirected to its equivalent HTTPS request. However, this time I 
get an error as follows:

Apache Tomcat/4.0.1 - HTTP Status 500 - Configuration error: Cannot perform
access control without an authenticated principal


type Status report

message: Configuration error: Cannot perform access control without an 
authenticated principal

description: The server encountered an internal error (Configuration error: 
Cannot perform access control without an authenticated principal) that
prevented it from fulfilling this request.

Is there no way I can use a secure transport without creating a principal in 
Tomcat. I do my own authentication. I do not want to use tomcat-users.xml etc. I 
just want the transport to be SSL. 

Here's how my tag looks like:

  security-constraint
   web-resource-collection
 web-resource-nameconsole/web-resource-name
url-pattern/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
   /web-resource-collection
auth-constraint
  role-name*/role-name
/auth-constraint
   user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
   /user-data-constraint
  /security-constraint

Thanks a lot.

Sincerely,
-Ratnadeep.

- Begin Forwarded Message -
Hello all,

I am having some problems getting automatic redirection to HTTPS working. What I 
want do is as follows:

If the user types a URL http://host:port/myapp it should be redirected to 
https://host:secure_port/myapp. If you had encountered this problem and found a 
solution could you please share it with me. 

I followed the instructions in servlet 2.3 spec and Tomcat and added the 
security-constraint tag but it did not work for me. Should the web-resource-name 
tag match a real web resource - or can it be any arbitrary name?
 
  security-constraint
   web-resource-collection
 web-resource-namelogon/web-resource-name
url-pattern/console/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
   /web-resource-collection
   user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
   /user-data-constraint
  /security-constraint

I am running Tomcat 4.0.1. 

Thanks.

-Ratnadeep.




--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

API for org.apache.* classes

[Ratnadeep Bhattacharjee]

Hello,

Could someone please tell me where I could find the javadocs for the 
org.apache.* classes. I downloaded jakarta-tomcat-3.2.1 (binary) but could not 
find them in the accompanying docs. 

Thanks.
-Deep.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]