I had been running Tomcat 5.0.16 standalone (it wouldn't start as a service) on Windows 2000 and j2sdk1.4.2 successfully. Yesterday, I installed 5.0.18 and was finally able to get it to run as a service. However, when I launch my timesheet application in the usual way, "http://localhost/timesheet";, I get "Page Cannot Be Displayed."
My timesheet context has the index.html welcome page shown below in the docbase directory of that context so the user will automatically be redirected to the login page. (I also have a copy of index.html is all other directories in the application so attempts to "drill down" into the application aways result in the login page.) I want the login to be done over SSL, so I have specified connectors for port 80 and 443 as shown below in the server.xml excerpt. In my original implementation, I had the index.html welcome page redirect to "https://localhost/timesheet/login.jsp";. Also, I had a check at the top fo the login.jsp page to redirect via HTTPS if the connection wasn't secure. Then I found out about the <security-constraint> element in my application's web.xml. Under 5.0.16, I added the <security-constraint> element to my web.xml, and it all worked, so I could simplify my JSP pages. Under 5.0.18, entering "http://localhost/timesheet"; in the browser results in Page Not Found. However, if I enter "https://localhost/timesheet"; (note the explicit HTTPS), the application launches correctly. So, it appears (to my understanding) that 5.0.18 is ignoring the <security-constraint> element in the application's web.xml. I know that Tomcat is sensitive to the ordering of elements in web.xml. In my case, the <security-constraint> element is the last element in <web-app>, which according to the DTD: <!ELEMENT web-app ( . . . security-constraint*, login-config?, security-role*, env-entry*, ejb-ref*, ejb-local-ref*)> is acceptable, since I don't have any of the other elements that follows <security-constraint>. Is the problem with 5.0.18, or am I missing something? Merrill ------------------- index.html -------------------------------------------- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd";> <html> <head> <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'> <meta http-equiv='refresh' content='0;URL=/timesheet/login.jsp'> </head> <body></body> </html> ------------------- server.xml -------------------------------------------- . . . <Connector port="80" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="443" acceptCount="100" debug="0" connectionTimeout="20000" disableUploadTimeout="true" /> <Connector port="443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> . . . ------------------- context web.xml -------------------------------------- <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> <web-app> . . . <security-constraint> <display-name>ConnectTel Timesheet Application Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>*.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> </web-app> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
