Try this in your WEB-INF\web.xml application file
<security-constraint>
<web-resource-collection>
<web-resource-name>HTMLManger and Manager command</web-resource-name>
<url-pattern>/*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
You must not fill in <auth-constraint> and use CONFIDENTIAL in
<transport-guarantee>, so it should be used HTTPS
to cipher data communications.
Hope it works!!!
-----Mensaje original-----
De: Mariano [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 10:23
Para: 'Tomcat Users List'
Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ?
ok, then, How can i force tomcat using hppts with some jsp pages?
Thanks
Mariano L�pez
-----Mensaje original-----
De: Juan de Bravo [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 10:17
Para: 'Tomcat Users List'
Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ?
The tag <security-constraint> is related with Realm authenticator, not
with SSL security.
Juan.
-----Mensaje original-----
De: Mariano [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 10:11
Para: [EMAIL PROTECTED]
Asunto: <security-constraint> not work in Tomcat 5.0.18 ?
Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000
Professional.
I like to force tomcat work with some pages with htpps, for those tomcat
is
configurated conf/web.xml with:
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="------------------------------------------------"
keystorePass="-------" />
When I access a jsp page manually with
https://localhost:8443/............
works fine.
And my META-INF/web.xml of my application with:
<security-constraint>
<web-resource-collection>
<web-resource-name>sescam</web-resource-name>
<url-pattern>/sescam/Comun/LoginUsuario.jsp</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I think that this security constraint force tomcat to use https even if
I
acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp,
redirecting automatically to
https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't
work
and i can view without problems the page on non https connection.
What is wrong?
Thanks.
Mariano L�pez
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
