High Craigh,
Didn't work. I still can do http://localhost:8080/wlss/another_page.jsp
<http://localhost:8080/wlss/another_page.jsp> , which is not SSL, and get
answered. I was expecting a NOT FOUND error on port 8080. Is this the
expected behaviour ?
The logs don't show anything either.
Version 3.2b7 on NT4.0sp6 JDK 1.3 JSSE1.0.2.
Do I need a test certificate from a cert auth to get this running (don't
think so)?
Thanks,
Wellington
-----Original Message-----
From: Craig R. McClanahan
[mailto:[EMAIL PROTECTED]]
Sent: 16 November 2000 04:19
To: [EMAIL PROTECTED]
Subject: Re: using SSL on standalone Tomcat - Urgent
!
"Lacerda, Wellington (AFIS)" wrote:
> Hi All,
>
> I've set up SSL on a 3.2b7 instance. Also I defined a
context, say /wlss,
> with a directory and a resource, say /wlss1/index.htm
inside that context.
>
> I want to configure that context in such a way that the
access to
> /wlss1/index.htm is only allowed if the transport is
guaranteed at
> confidential level(SSL). I read the spec and created this
web.xml to do the
> job:
>
> <web-app>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>a</web-resource-name>
> <url-pattern>/wlss1/*</url-pattern>
Change this to "/*". The <url-pattern> setting is relative
to your context,
not to the server root.
>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <user-data-constraint>
>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </web-resource-collection>
> </security-constraint>
> </web-app>
>
> By my understanding, I'm allowing access to the resource
collection "a" -
> mapped to /wlss1/anything with GET or POST only through a
confidential
> transport - SSL.
>
> It's not working at all. I can still access it through
normal http. Am I
> missing something here ?
>
> Another question - how to impose confidential transport to
the entire
> context ?
>
> Thanks in advance for any help,
>
> Wellington Silva
> UN/FAO
Craig McClanahan
