In our server.xml (Tomcat 4.1), we have a context that is used to serve up static content (PDFs) that are collected in a directory on our server:
<Context path="/pdf" appBase="" docBase="/path/to/pdfs" reloadable="true"></Context>
There is no war or other webapp involved here, just the folder with the static files, and thus no web.xml either... (Don't worry, we are making much use of the servlet API elsewhere on the same server ;)
Now, we want to serve these files up through SSL - we have the SSL Connector configured correctly, everything's just great, BUT a savvy user can still get the files through non-SSL by changing the URL. So - is there any way to *enforce* that this context is accessed only through SSL?
I have seen documentation suggesting something like the following:
<user-data-constraint transport-guarantee="CONFIDENTIAL"/>
But this goes in web.xml, and again, we have none here - do we need to make one just to enforce this constraint? Or is there some way to enforce this from within the server.xml file itself, perhaps within the above <context> section?
Any help would be appreciated.
Cheers, Ossie
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
