On Saturday 11 January 2003 03:40 pm, Peter Lee wrote:
I asked this earlier, but I still got problems with it. I upgraded to
4.1.18, but I got some problems with security constraints.
I have applied a security constraint on a particular url pattern. Only
certain users with a special rolename can access that link. The data
transportation is also secure, therefore I put in a transport-guarantee
in web.xml
user-data-constraint
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
It used to work but now the page does not load with v4.1.18.
I got a blank page instead of a login page.
Is SSL implemented differently v4.1.18 that prevents my application
from working like before?
I think it has to do with rolenames. I put in the needed role in
tomcat-user.xml
already. Did I miss something?
Is there any documentation on tomcat v4.1.18 SSL security stuff?
Here is my security constraint in web.xml:
!-- Secure form
URLs of the form
http://localhost/Prefix/mypage
require SSL and are redirected to
https://localhost/Prefix/mypage --
security-constraint
web-resource-collection
web-resource-nameSSLspecial/web-resource-name
url-pattern/protectedpage/*/url-pattern
/web-resource-collection
auth-constraint
role-namespecialrole/role-name
/auth-constraint
user-data-constraint
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
/security-constraint
Did you read this?
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
Paul
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]