Hi Mariano, I 've proved this configuration in Tomcat 4.1.29 an it works.
When I try to get my URI http://localhost:8080/chart/index.jsp I get redirect to https://localhost:8443/chart/index.jsp. I can see that in my browser. Have you configured your HTTP1.1 connector to redirect to HTTPS connector (port 8443 in my configuratio) the SSL request? Something like that: <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true" /> Juan. -----Mensaje original----- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 11:31 Para: 'Tomcat Users List' Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ? It doesn't work, i can acces this pages using http and i like to force access https for this pages. Thanks -----Mensaje original----- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:41 Para: 'Tomcat Users List' Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ? Try this in your WEB-INF\web.xml application file <security-constraint> <web-resource-collection> <web-resource-name>HTMLManger and Manager command</web-resource-name> <url-pattern>/*.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> You must not fill in <auth-constraint> and use CONFIDENTIAL in <transport-guarantee>, so it should be used HTTPS to cipher data communications. Hope it works!!! -----Mensaje original----- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:23 Para: 'Tomcat Users List' Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ? ok, then, How can i force tomcat using hppts with some jsp pages? Thanks Mariano L�pez -----Mensaje original----- De: Juan de Bravo [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:17 Para: 'Tomcat Users List' Asunto: RE: <security-constraint> not work in Tomcat 5.0.18 ? The tag <security-constraint> is related with Realm authenticator, not with SSL security. Juan. -----Mensaje original----- De: Mariano [mailto:[EMAIL PROTECTED] Enviado el: jueves, 19 de febrero de 2004 10:11 Para: [EMAIL PROTECTED] Asunto: <security-constraint> not work in Tomcat 5.0.18 ? Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000 Professional. I like to force tomcat work with some pages with htpps, for those tomcat is configurated conf/web.xml with: <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="------------------------------------------------" keystorePass="-------" /> When I access a jsp page manually with https://localhost:8443/............ works fine. And my META-INF/web.xml of my application with: <security-constraint> <web-resource-collection> <web-resource-name>sescam</web-resource-name> <url-pattern>/sescam/Comun/LoginUsuario.jsp</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> I think that this security constraint force tomcat to use https even if I acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp, redirecting automatically to https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work and i can view without problems the page on non https connection. What is wrong? Thanks. Mariano L�pez --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
