Uma, > Doug, > Thanks for reply. I am not clear with this line > >Add this to the web.xml of the app on the https side. > Do you mean to add those lines in the web.xml of "IBS" context(which > contain HTTPS files)? Yes
or the web.xml file present in the "conf" directory? No. Note that adding anything here will affect all apps on the server. > >Add the following elements to your context as well: > >crossContext="false" > >override="true" > >privileged="false' > Should I add them to the IBS context or IBS1 context? Both will be fine. This technically should not be needed, but to help security I would do it. Note add these after you get the addition to web.xml done and working. Then when you add these to the context, do them one at a time instead of all three at once. Just in case it breaks something. > > I will definitely post all of my configuration files to the mail-list. So > that it could be of some help to other developers. Sorry if my writing is confusing sometimes. Feel free to ask for clarification any time. Thank You Doug > "Parsons > Technical > Services" To > <parsonstechnical > @earthlink.net> "Tomcat Users List" > <[EMAIL PROTECTED]> > 03/31/2004 06:24 cc > PM > > > Please respond to > "Tomcat Users > List" Subject > <[EMAIL PROTECTED] Re: Configuring Tomcat on different > rta.apache.org> IP's > > > > > > > > > > > Uma, > > Do a ping localhost from the command line. It will only resolve to one > name. > So don't get concerned that it doesn't work. As long as the IPs work you > are > fine. > > Now for the access issue. Did you set up a security constraint in your > web.xml file? > > Add this to the web.xml of the app on the https side. > > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected Context</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <!-- auth-constraint goes here if you require authentication --> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > This is from the link I sent you earlier: > http://marc.theaimsgroup.com/?l=tomcat-user&m=104951559722619&w=2 > > This will prevent access to the webapp through http and force the client to > https. > > If I understand your problem, it is that the client can get to the webapp > from the http IP. > > Add the following elements to your context as well: > crossContext="false" > override="true" > privileged="false' > > As for the connector, I think Bill correct, so yes you can remove it. > > Let us know how it goes. > > Doug > > PS When you get it working, add the word SOLVED to the end of your subject > line and post all your config files. Just one way to give back to the list. > > Thanks > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Tuesday, March 30, 2004 10:52 PM > Subject: Re: Configuring Tomcat on different IP's > > > > > > > > > > > > Doug, > > I am finally getting something to work after doing lot of experiments. > Now > > the issue is > > 1)It does not work with http://localhost, seems to be a problem with my > > DNS. > > 2)It works with http://172.27.2.44 > > > > This address (172.27.2.44) is defined in the first service and the <host> > > tag has a context as > > <Context path="" docBase="/IBS1" debug="0"> > > </Context> > > Look its IBS1. This context has an index.jsp file which just fwd the > > request to https://172.27.2.246/IBS/Login.jsp > > > > This address (172.27.2.246) is defined in the second service and the > > <host> tag has a context as > > <Context path="" docBase="/IBS" debug="0"> > > </Context> > > Look its IBS now. This context has all the files that needs to run under > > https. > > > > 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he > > goes to https://172.27.2.246/IBS/d1.jsp > > > > 4)When the user changes the port to HTTP (in the address bar of the > > browser) and doesnt change the IP address as http://172.27.2.246 > > /IBS/d1.jsp, then the user gets "cannot find server". This is perfect. > > > > 5)When the user changes the port to HTTP and change the IP address (in > the > > address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am > > internally checking for the session, the programme finds the session is > > invalid and sends him to (HTTP Login page) http://172.27.2.44 > > /IBS/Login.jsp. Now the user still can access my IBS context files using > > http protocol and 80 port. > > > > Now see this IP configuration (172.27.2.44) on port 80 has got a context > > reference of IBS1 and it still supports IBS context that is on port 443. > > > > It seems to me that Tomcat 5 is still internally checking for the > contexts > > somewhere else other than the server.xml file. If we can disable that > then > > it should work fine. > > > > Can I know from where the Tomcat is reading the default <context>? So > that > > I can disable them? or if there is any better solution to this please > help > > me out. > > > > Thank you, > > Best Regards, > > Uma > > > > > > > > > > > > "Parsons > > Technical > > Services" > To > > <parsonstechnical > > @earthlink.net> "Tomcat Users List" > > <[EMAIL PROTECTED]> > > 03/30/2004 06:58 > cc > > PM > > > > > > Please respond to > > "Tomcat Users > > List" > Subject > > <[EMAIL PROTECTED] Re: Configuring Tomcat on > different > > rta.apache.org> IP's > > > > > > > > > > > > > > > > > > > > > > Uma, > > > > This has moved beyond my experiance. Other than experimenting or diving > > into > > the source what I suggest now is to reply to this post and edit the > subject > > line to read: > > > > Two service on one Tomcat instance.[Was Re: Configuring Tomcat on > different > > IP's] > > > > In the hope that someone with more information will respond. > > > > You may try google with a search based on tomcat and two or multiple > > service. > > > > Sorry I ran out of ideas. > > > > Doug > > > > > > ----- Original Message ----- > > From: <[EMAIL PROTECTED]> > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > Sent: Monday, March 29, 2004 11:50 PM > > Subject: Re: Configuring Tomcat on different IP's > > > > > > > > > > > > > > > > > > > Doug, > > > I fogot to tell you that the first context has only one .jsp file. Here > > is > > > the content of that "index.jsp" file > > > > > > <% > > > response.sendRedirect("https://172.27.2.246/IBS/Login.jsp";); > > > %> > > > > > > Thanks > > > Uma > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
