Howdy, Almost certainly the ISAPI Redirector's fault, since as you mention Tomcat works fine by itself. What if you only allow https access to secure URLs?
Yoav Shapira Millennium ChemInformatics >-----Original Message----- >From: cprs-develop [mailto:[EMAIL PROTECTED] >Sent: Thursday, January 08, 2004 2:33 PM >To: [EMAIL PROTECTED] >Subject: Enabling SSL on specific URLs using IIS and Tomcat >Importance: High > >Hello All: > >I am running Apache Tomcat 4.1.27, with IIS 5.0 on Windows 2000 >Professional configured to serve the JSP pages using the ISAPI >redirector. > >I have also configured SSL support using the Windows IIS management >console. > >Currently JSP pages can be accessed using the >http://SomeHost/SomeDirectory or https://SomeHost/SomeDirectory URL. > >I am trying to specify URLs that should be available only through SSL. >For this, I have added the <security-constraint> section in web.xml for >the relevant webapp directory. > ><web-app> >. . . . . ></welcome-file-list> > ><!-- All resources under the /SSL directory should only be available via >SSL --> > ><security-constraint> > <web-resource-collection> > <web-resource-name>SSL</web-resource-name> > <url-pattern>/SSL/*</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > ></web-app> > >Now, when I try to access the resources under the /SSL directory, (using >http or https) IIS gives me a "Page not found" error message. > >However, if I disable IIS and run Tomcat independently, directory >security is enabled, and everything works fine, i.e., if I use >http://SomeHost/webapp/SSL, it automatically redirects to >https://SomeHost/webapp/SSL. > >I found an earlier thread >(http://mikal.org/interests/java/tomcat/archive/view?mesg=44502) which >mentions that the ISAPI redirector may be to blame, but I am not sure if >it applies in this scenario. > >Any help would be greatly appreciated. > >Thanks, >Vic > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
