security-constraint not work in Tomcat 5.0.18 ?
Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile= keystorePass=--- / When I access a jsp page manually with https://localhost:8443/ works fine. And my META-INF/web.xml of my application with: security-constraint web-resource-collection web-resource-namesescam/web-resource-name url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano López
RE: security-constraint not work in Tomcat 5.0.18 ?
The tag security-constraint is related with Realm authenticator, not with SSL security. Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: security-constraint not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile= keystorePass=--- / When I access a jsp page manually with https://localhost:8443/ works fine. And my META-INF/web.xml of my application with: security-constraint web-resource-collection web-resource-namesescam/web-resource-name url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano López - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: security-constraint not work in Tomcat 5.0.18 ?
ok, then, How can i force tomcat using hppts with some jsp pages? Thanks Mariano López -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:17 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? The tag security-constraint is related with Realm authenticator, not with SSL security. Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: security-constraint not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile= keystorePass=--- / When I access a jsp page manually with https://localhost:8443/ works fine. And my META-INF/web.xml of my application with: security-constraint web-resource-collection web-resource-namesescam/web-resource-name url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano López - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: security-constraint not work in Tomcat 5.0.18 ?
Try this in your WEB-INF\web.xml application file security-constraint web-resource-collection web-resource-nameHTMLManger and Manager command/web-resource-name url-pattern/*.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint You must not fill in auth-constraint and use CONFIDENTIAL in transport-guarantee, so it should be used HTTPS to cipher data communications. Hope it works!!! -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:23 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? ok, then, How can i force tomcat using hppts with some jsp pages? Thanks Mariano López -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:17 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? The tag security-constraint is related with Realm authenticator, not with SSL security. Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: security-constraint not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile= keystorePass=--- / When I access a jsp page manually with https://localhost:8443/ works fine. And my META-INF/web.xml of my application with: security-constraint web-resource-collection web-resource-namesescam/web-resource-name url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano López - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: security-constraint not work in Tomcat 5.0.18 ?
It doesn't work, i can acces this pages using http and i like to force access https for this pages. Thanks -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:41 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? Try this in your WEB-INF\web.xml application file security-constraint web-resource-collection web-resource-nameHTMLManger and Manager command/web-resource-name url-pattern/*.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint You must not fill in auth-constraint and use CONFIDENTIAL in transport-guarantee, so it should be used HTTPS to cipher data communications. Hope it works!!! -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:23 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? ok, then, How can i force tomcat using hppts with some jsp pages? Thanks Mariano López -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:17 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? The tag security-constraint is related with Realm authenticator, not with SSL security. Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: security-constraint not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile= keystorePass=--- / When I access a jsp page manually with https://localhost:8443/ works fine. And my META-INF/web.xml of my application with: security-constraint web-resource-collection web-resource-namesescam/web-resource-name url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano López - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: security-constraint not work in Tomcat 5.0.18 ?
Hi Mariano, I 've proved this configuration in Tomcat 4.1.29 an it works. When I try to get my URI http://localhost:8080/chart/index.jsp I get redirect to https://localhost:8443/chart/index.jsp. I can see that in my browser. Have you configured your HTTP1.1 connector to redirect to HTTPS connector (port 8443 in my configuratio) the SSL request? Something like that: Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8080 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 useURIValidationHack=false disableUploadTimeout=true / Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 11:31 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? It doesn't work, i can acces this pages using http and i like to force access https for this pages. Thanks -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:41 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? Try this in your WEB-INF\web.xml application file security-constraint web-resource-collection web-resource-nameHTMLManger and Manager command/web-resource-name url-pattern/*.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint You must not fill in auth-constraint and use CONFIDENTIAL in transport-guarantee, so it should be used HTTPS to cipher data communications. Hope it works!!! -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:23 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? ok, then, How can i force tomcat using hppts with some jsp pages? Thanks Mariano López -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:17 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? The tag security-constraint is related with Realm authenticator, not with SSL security. Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: security-constraint not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile= keystorePass=--- / When I access a jsp page manually with https://localhost:8443/ works fine. And my META-INF/web.xml of my application with: security-constraint web-resource-collection web-resource-namesescam/web-resource-name url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano López - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: security-constraint not work in Tomcat 5.0.18 ?
Yes, my configuration is: Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 URIEncoding=UTF-8 disableUploadTimeout=true / Could it be a tomcat bug in 5.0.18 ? -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 11:40 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? Hi Mariano, I 've proved this configuration in Tomcat 4.1.29 an it works. When I try to get my URI http://localhost:8080/chart/index.jsp I get redirect to https://localhost:8443/chart/index.jsp. I can see that in my browser. Have you configured your HTTP1.1 connector to redirect to HTTPS connector (port 8443 in my configuratio) the SSL request? Something like that: Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8080 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 useURIValidationHack=false disableUploadTimeout=true / Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 11:31 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? It doesn't work, i can acces this pages using http and i like to force access https for this pages. Thanks -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:41 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? Try this in your WEB-INF\web.xml application file security-constraint web-resource-collection web-resource-nameHTMLManger and Manager command/web-resource-name url-pattern/*.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint You must not fill in auth-constraint and use CONFIDENTIAL in transport-guarantee, so it should be used HTTPS to cipher data communications. Hope it works!!! -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:23 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? ok, then, How can i force tomcat using hppts with some jsp pages? Thanks Mariano López -Mensaje original- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:17 Para: 'Tomcat Users List' Asunto: RE: security-constraint not work in Tomcat 5.0.18 ? The tag security-constraint is related with Realm authenticator, not with SSL security. Juan. -Mensaje original- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: security-constraint not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile= keystorePass=--- / When I access a jsp page manually with https://localhost:8443/ works fine. And my META-INF/web.xml of my application with: security-constraint web-resource-collection web-resource-namesescam/web-resource-name url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano López - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED