Julie Ruiz wrote:

> I have installed Tomcat+SSL.  I need my applications to be accessed only through a
> secure URL.
> How can I configure the context where the applications are going to be, so that they
> are accessed through a secure URL but can't be accessed through a non-secure URL?
>

For Tomcat+SSL stand-alone, you have a couple of choices:

* If you do not need the non-SSL port for anything else, you
  can disable it by removing the <Connector> element for port 8080
  from your "conf/server.xml" file.

* If you need non-SSL for other webapps and simply want to protect
  this one, you can add a security constraint to your web.xml file:

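    <security-constraint>
        <web-resource-collection>
            <!-- web-resource-name is required by the web.xml DTD;
                 the name itself is arbitrary -->
            <web-resource-name>Entire Application</web-resource-name>
            <!-- "/*" covers every URL in this webapp -->
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <!-- CONFIDENTIAL means the request must arrive over SSL -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>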

In this constraint, the URL pattern of "/*" protects your entire webapp (you could 
also require SSL on only part of it, if you wished), while the
CONFIDENTIAL requirement means that SSL is required.

>
> Julie.
>

Craig McClanahan
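
The following is an added example, not part of the original message or of Tomcat: a small Python check that reads a web.xml and reports whether a CONFIDENTIAL constraint like the one above covers the whole webapp, or only some URL patterns or HTTP methods. The function name `audit_transport` and the sample descriptors are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    # Match on local name so DTD-era and namespaced web.xml files both parse.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(c.text or "").strip() for c in _kids(elem, name)]

def audit_transport(web_xml_text):
    """Return (whole_app_requires_ssl, findings) for one web.xml document."""
    root = ET.fromstring(web_xml_text)
    covered, findings = False, []
    for sc in _kids(root, "security-constraint"):
        guarantees = [g for udc in _kids(sc, "user-data-constraint")
                      for g in _texts(udc, "transport-guarantee")]
        if "CONFIDENTIAL" not in guarantees:
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            patterns = _texts(wrc, "url-pattern")
            methods = _texts(wrc, "http-method")
            if "/*" not in patterns:
                findings.append("only %s require SSL" % ", ".join(patterns))
            elif methods:
                # Listing methods leaves every other HTTP method unconstrained.
                findings.append("/* requires SSL only for %s" % ", ".join(methods))
            else:
                covered = True
    if not covered and not findings:
        findings.append("no CONFIDENTIAL constraint found")
    return covered, findings

# Constructed sample descriptors (not taken from the thread).
def _web_xml(collection_body):
    return ("<web-app><security-constraint><web-resource-collection>"
            "<web-resource-name>app</web-resource-name>%s"
            "</web-resource-collection><user-data-constraint>"
            "<transport-guarantee>CONFIDENTIAL</transport-guarantee>"
            "</user-data-constraint></security-constraint></web-app>"
            % collection_body)

WHOLE_APP = _web_xml("<url-pattern>/*</url-pattern>")
ADMIN_ONLY = _web_xml("<url-pattern>/admin/*</url-pattern>")
GET_ONLY = _web_xml("<url-pattern>/*</url-pattern><http-method>GET</http-method>")

if __name__ == "__main__":
    for name, doc in [("whole", WHOLE_APP), ("admin", ADMIN_ONLY), ("get", GET_ONLY)]:
        print(name, audit_transport(doc))
```
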


