-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 1/4/2010 6:45 PM, Joe Hansen wrote:
I just forgot to enable the HTTPS Connector! Login form is working now
over https.
Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 /
Connector port=8443
Hey all,
We are using Tomcat 6.0 / Apache 2.2. We would like the user to login
over HTTPS rather than plain HTTP.
So, I have defined the following security-constraint in the web.xml
file of our web application:
security-constraint
display-nameLogin/display-name
From: Joe Hansen [mailto:joe.hansen...@gmail.com]
Subject: Help with security-constraint in web.xml
What do I need to do so that the user is directed to
https://ourwebsite.com/spring_security_login instead
Fix the redirectPort attribute in your Connector elements in conf/server.xml.
BTW
please elaborate on how
to do it or give me pointers on how it could be done?
Thank you!!
Joe
On Mon, Jan 4, 2010 at 2:57 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Joe Hansen [mailto:joe.hansen...@gmail.com]
Subject: Help with security-constraint in web.xml
What do I
From: Joe Hansen [mailto:joe.hansen...@gmail.com]
Subject: Re: Help with security-constraint in web.xml
You were saying that I should handle the forced HTTPS redirection of
certain pages on the httpd end, right?
No, I said you could handle the SSL encryption/decryption in httpd
From: Joe Hansen [mailto:joe.hansen...@gmail.com]
Subject: Re: Help with security-constraint in web.xml
Only a couple of pages need to be served on HTTPS on our website. All
the remaining pages could be accessed using just HTTP.
Then I'd use what you've got and not try to optimize what
the login form.
I'm sure there must be a simple explanation. Chuck, please help me out!!
Thank you,
Joe
On Mon, Jan 4, 2010 at 3:25 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Joe Hansen [mailto:joe.hansen...@gmail.com]
Subject: Re: Help with security-constraint in web.xml
From: Joe Hansen [mailto:joe.hansen...@gmail.com]
Subject: Re: Help with security-constraint in web.xml
However, when I enter the login credentials and submit the
form, nothing happens. Somehow changing the redirectPort
seems to have broken the login form.
Turn on the AccessLogValve to see
sslProtocol=TLS /
Connector port=8009 protocol=AJP/1.3 redirectPort=443 /
Many thanks for your help. You saved my day.
Thanks,
Joe
On Mon, Jan 4, 2010 at 4:06 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Joe Hansen [mailto:joe.hansen...@gmail.com]
Subject: Re: Help with security
