Hello there,

I use the classic Tomcat 5.0.18 without any modification.

I would like to protect a subset of my webapp. To do so, I did the following:
- I configured my Tomcat to accept SSL
- I added a security-constraint in web.xml

I am facing the following problems:

1. The url-pattern /frwk/module/admin* does not work. I don't switch to HTTPS. With a
simpler pattern it works fine.

2. In my browser IE5.50 :-( , I got some links https://localhost:8080/framework... I
then get errors with those links. I truly don't understand the logic, as when I look at the
properties of the page I see https://localhost:8433/framework. And my address bar is
also https://localhost:8433/... (due to a redirect?)

3. I was expecting Tomcat to switch from http to https and then from http to https
when a page is outside the security pattern. It does not seem to be the case. It would
have been too simple, I imagine.

If anyone has ever done such a thing, I would appreciate your hints.


Here are my configs:

In web.xml:

    <!-- Define a security constraint on this application -->
    <security-constraint>
      <display-name>Embedded Admin Module Security</display-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <web-resource-collection>
        <web-resource-name>Admin module through actions</web-resource-name>
        <url-pattern>/frwk/module/admin*</url-pattern>
      </web-resource-collection>
      <web-resource-collection>
        <web-resource-name>Admin module through Language Bar with tile as the forward</web-resource-name>
        <url-pattern>/i18n/processLocalization.do\?forward=frwk\.admin*</url-pattern>
      </web-resource-collection>
      <web-resource-collection>
        <web-resource-name>Admin module through Language Bar with an action as the forward</web-resource-name>
        <url-pattern>/i18n/processLocalization.do\?forward=/frwk/module/admin*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area -->
        <role-name>framework</role-name>
      </auth-constraint>
      <user-data-constraint>
        <description>lets use https</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    <!-- Define the login configuration for this application -->
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Framework Application</realm-name>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <description>
        The role that is required to log in to the Administration Application
      </description>
      <role-name>framework</role-name>
    </security-role>

In server.xml:

    <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
               port="8080" redirectPort="8443" allowTrace="true">
    </Connector>
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystorePass="tomcat"
               keystoreFile="c:/DGPE/jakarta-tomcat-5.0.18/certificates/keystore">
    </Connector>


Txs,
Christophe Spielmann
[EMAIL PROTECTED]
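
Added example, not part of the original message and not Tomcat's own code: a small Python model of the Servlet specification's url-pattern rules, run over the three patterns from the web.xml above (embedded as a constructed sample). It reports which patterns are compared as literal strings and so leave the intended paths outside the constraint; the helper names and the request paths are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three url-patterns from the web.xml in the message.
WEB_XML = r"""<web-app><security-constraint>
  <web-resource-collection><url-pattern>/frwk/module/admin*</url-pattern></web-resource-collection>
  <web-resource-collection><url-pattern>/i18n/processLocalization.do\?forward=frwk\.admin*</url-pattern></web-resource-collection>
  <web-resource-collection><url-pattern>/i18n/processLocalization.do\?forward=/frwk/module/admin*</url-pattern></web-resource-collection>
</security-constraint></web-app>"""


def classify(pattern):
    """Mapping kind under the Servlet specification's url-pattern rules."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "prefix"      # /admin/* covers /admin and everything below it
    if pattern.startswith("*."):
        return "extension"   # *.do
    if pattern == "/":
        return "default"
    return "exact"           # anything else is compared literally, no wildcards


def matches(pattern, request_target):
    """True if the constraint pattern covers the request (context path removed)."""
    path = request_target.split("?", 1)[0]   # the query string is never matched
    kind = classify(pattern)
    if kind == "prefix":
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if kind == "extension":
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return kind == "default" or path == pattern


def audit(web_xml):
    """Return url-patterns that look like wildcards or regexes but match exactly."""
    flagged = []
    for el in ET.fromstring(web_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "url-pattern":   # tolerate XML namespaces
            continue
        pattern = (el.text or "").strip()
        if classify(pattern) == "exact" and any(c in pattern for c in "*?\\"):
            flagged.append(pattern)
    return flagged


if __name__ == "__main__":
    for p in audit(WEB_XML):
        print("exact-match only:", p)
    print(matches("/frwk/module/admin*", "/frwk/module/adminUsers.do"))    # hypothetical path
    print(matches("/frwk/module/admin/*", "/frwk/module/admin/users.do"))  # hypothetical path
```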
 


