Re: http to https how ?
Did you know that specifying GET and POST means that the other http methods like DELETE and PUT will not be secure? On 01/13/2004 04:53 PMnbsp;Keshav Sarin wrote: Another way to secure resources is to define them in web.xml. Usually this setting has worked for me. security-constraint web-resource-collection web-resource-nameapp or resource name/web-resource-name url-pattern/*/url-pattern !-- define all url patterns that need to be protected-- http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint If someone tries to access the above url pattern over http, the server automatically redirects to a https connection. [EMAIL PROTECTED] 01/13/04 08:22AM There are many theories out there. From personal experience, the simplest/cleanest way to do it is with Struts + the sslext plugin. But even then, don't expect it to be trivial. Run some Google searches to find components, tutorials, articles, etc. Those things should make your life a little easier. -Original Message- From: ext Mufaddal Khumri [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 6:12 PM To: Tomcat Users List Subject: http to https how ? Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: http to https how ?
True. There should be http-method entry for each protected http method. [EMAIL PROTECTED] 01/14/04 06:24AM Did you know that specifying GET and POST means that the other http methods like DELETE and PUT will not be secure? On 01/13/2004 04:53 PMnbsp;Keshav Sarin wrote: Another way to secure resources is to define them in web.xml. Usually this setting has worked for me. security-constraint web-resource-collection web-resource-nameapp or resource name/web-resource-name url-pattern/*/url-pattern !-- define all url patterns that need to be protected-- http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint If someone tries to access the above url pattern over http, the server automatically redirects to a https connection. [EMAIL PROTECTED] 01/13/04 08:22AM There are many theories out there. From personal experience, the simplest/cleanest way to do it is with Struts + the sslext plugin. But even then, don't expect it to be trivial. Run some Google searches to find components, tutorials, articles, etc. Those things should make your life a little easier. -Original Message- From: ext Mufaddal Khumri [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 6:12 PM To: Tomcat Users List Subject: http to https how ? Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: http to https how ?
There are many theories out there. From personal experience, the simplest/cleanest way to do it is with Struts + the sslext plugin. But even then, don't expect it to be trivial. Run some Google searches to find components, tutorials, articles, etc. Those things should make your life a little easier. -Original Message- From: ext Mufaddal Khumri [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 6:12 PM To: Tomcat Users List Subject: http to https how ? Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: http to https how ?
Another way to secure resources is to define them in web.xml. Usually this setting has worked for me. security-constraint web-resource-collection web-resource-nameapp or resource name/web-resource-name url-pattern/*/url-pattern !-- define all url patterns that need to be protected-- http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint If someone tries to access the above url pattern over http, the server automatically redirects to a https connection. [EMAIL PROTECTED] 01/13/04 08:22AM There are many theories out there. From personal experience, the simplest/cleanest way to do it is with Struts + the sslext plugin. But even then, don't expect it to be trivial. Run some Google searches to find components, tutorials, articles, etc. Those things should make your life a little easier. -Original Message- From: ext Mufaddal Khumri [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 6:12 PM To: Tomcat Users List Subject: http to https how ? Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
http to https how ?
Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks.
Re:CORRECTION http to https how ?
I meant response.redirect(path) On Jan 12, 2004, at 5:11 PM, Mufaddal Khumri wrote: Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks.
Re: http to https how ?
I do this: if (! request.isSecure()) { response.sendRedirect(https://www.yourdomain.org/your.jsp?;); } dave On Mon, 2004-01-12 at 19:11, Mufaddal Khumri wrote: Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: http to https how ?
sorry, forget the ? after the url, that is: if (! request.isSecure()) { response.sendRedirect(https://www.yourdomain.org/your.jsp;); } On Mon, 2004-01-12 at 23:13, David Evans wrote: I do this: if (! request.isSecure()) { response.sendRedirect(https://www.yourdomain.org/your.jsp?;); } dave On Mon, 2004-01-12 at 19:11, Mufaddal Khumri wrote: Hi, Have a page First.jsp When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp. How do I do this on my jsp ? I tried % request.redirect(https://my.domain.com/First.jsp;) % , but i get an exception saying cannot resolve symbol symbol : method redirect (java.lang.String) location: interface javax.servlet.http.HttpServletResponse response.redirect(path); Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: switch between http and https. how?
On Thu, 25 Oct 2001, Taavi Tiirik wrote: Date: Thu, 25 Oct 2001 16:36:35 +0200 From: Taavi Tiirik [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: switch between http and https. how? I have Tomcat 4 running fine with both http and https protocols. I would like to use http for serving most of the documents and only j_security_check (form based login) should be done over https. How can I configure this? There is no way to configure this. Furthermore, it would be unsafe to rely on this for any sort of security. Consider the fact that the session id cookie is still transmitted in clear text, so anyone snooping on the network could easily swipe your session id (and thus impersonate that user for as long as the session remained alive), even though they could not see the password because it was encrypted. with best wishes, Taavi Craig
RE: switch between http and https. how?
I have Tomcat 4 running fine with both http and https protocols. I would like to use http for serving most of the documents and only j_security_check (form based login) should be done over https. How can I configure this? There is no way to configure this. Thanks, Craig! Now I am a bit lost. Would it make sense then to have a whole site served over https? What are the best practices of secureing login information as well as session id cookie? with best wishes, Taavi
RE: switch between http and https. how?
On Fri, 26 Oct 2001, Taavi Tiirik wrote: Date: Fri, 26 Oct 2001 17:16:19 +0200 From: Taavi Tiirik [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: switch between http and https. how? I have Tomcat 4 running fine with both http and https protocols. I would like to use http for serving most of the documents and only j_security_check (form based login) should be done over https. How can I configure this? There is no way to configure this. Thanks, Craig! Now I am a bit lost. Would it make sense then to have a whole site served over https? If you are concerned about someone hijacking your session, that's pretty much the only choice. What are the best practices of secureing login information as well as session id cookie? with best wishes, Taavi Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
switch between http and https. how?
I have Tomcat 4 running fine with both http and https protocols. I would like to use http for serving most of the documents and only j_security_check (form based login) should be done over https. How can I configure this? with best wishes, Taavi