It doesn't work, i can acces this pages using http and i like to force access https for this pages.
Thanks -----Mensaje original----- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:41 Para: 'Tomcat Users List' Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ? Try this in your WEB-INF\web.xml application file <security-constraint> <web-resource-collection> <web-resource-name>HTMLManger and Manager command</web-resource-name> <url-pattern>/*.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> You must not fill in <auth-constraint> and use CONFIDENTIAL in <transport-guarantee>, so it should be used HTTPS to cipher data communications. Hope it works!!! -----Mensaje original----- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:23 Para: 'Tomcat Users List' Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ? ok, then, How can i force tomcat using hppts with some jsp pages? Thanks Mariano L�pez -----Mensaje original----- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:17 Para: 'Tomcat Users List' Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ? The tag <security-constraint> is related with Realm authenticator, not with SSL security. Juan. -----Mensaje original----- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: <security-constraint> not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="------------------------------------------------" keystorePass="-------" /> When I access a jsp page manually with https://localhost:8443/............ works fine. And my META-INF/web.xml of my application with: <security-constraint> <web-resource-collection> <web-resource-name>sescam</web-resource-name> <url-pattern>/sescam/Comun/LoginUsuario.jsp</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano L�pez --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
