Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000
Professional.
I like to force tomcat work with some pages with htpps, for those tomcat is
configurated conf/web.xml with:
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="------------------------------------------------"
keystorePass="-------" />
When I access a jsp page manually with https://localhost:8443/............
works fine.
And my META-INF/web.xml of my application with:
<security-constraint>
<web-resource-collection>
<web-resource-name>sescam</web-resource-name>
<url-pattern>/sescam/Comun/LoginUsuario.jsp</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I think that this security constraint force tomcat to use https even if I
acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp,
redirecting automatically to
https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work
and i can view without problems the page on non https connection.
What is wrong?
Thanks.
Mariano L�pez
