Doug,
Thanks for the info. I will try these settings and get back to you.
Thank you,
Best Regards,
Uma
"Parsons
Technical
Services" To
<parsonstechnical
@earthlink.net> "Tomcat Users List"
<[EMAIL PROTECTED]>
03/31/2004 06:58 cc
PM
Please respond to
"Tomcat Users
List" Subject
<[EMAIL PROTECTED] Re: Configuring Tomcat on different
rta.apache.org> IP's
Uma,
> Doug,
> Thanks for reply. I am not clear with this line
> >Add this to the web.xml of the app on the https side.
> Do you mean to add those lines in the web.xml of "IBS" context(which
> contain HTTPS files)?
Yes
or the web.xml file present in the "conf" directory?
No. Note that adding anything here will affect all apps on the server.
> >Add the following elements to your context as well:
> >crossContext="false"
> >override="true"
> >privileged="false'
> Should I add them to the IBS context or IBS1 context?
Both will be fine. This technically should not be needed, but to help
security I would do it.
Note add these after you get the addition to web.xml done and working. Then
when you add these to the context, do them one at a time instead of all
three at once. Just in case it breaks something.
>
> I will definitely post all of my configuration files to the mail-list. So
> that it could be of some help to other developers.
Sorry if my writing is confusing sometimes. Feel free to ask for
clarification any time.
Thank You
Doug
> "Parsons
> Technical
> Services"
To
> <parsonstechnical
> @earthlink.net> "Tomcat Users List"
> <[EMAIL PROTECTED]>
> 03/31/2004 06:24
cc
> PM
>
>
> Please respond to
> "Tomcat Users
> List"
Subject
> <[EMAIL PROTECTED] Re: Configuring Tomcat on
different
> rta.apache.org> IP's
>
>
>
>
>
>
>
>
>
>
> Uma,
>
> Do a ping localhost from the command line. It will only resolve to one
> name.
> So don't get concerned that it doesn't work. As long as the IPs work you
> are
> fine.
>
> Now for the access issue. Did you set up a security constraint in your
> web.xml file?
>
> Add this to the web.xml of the app on the https side.
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Context</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <!-- auth-constraint goes here if you require authentication -->
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> This is from the link I sent you earlier:
> http://marc.theaimsgroup.com/?l=tomcat-user&m=104951559722619&w=2
>
> This will prevent access to the webapp through http and force the client
to
> https.
>
> If I understand your problem, it is that the client can get to the webapp
> from the http IP.
>
> Add the following elements to your context as well:
> crossContext="false"
> override="true"
> privileged="false'
>
> As for the connector, I think Bill correct, so yes you can remove it.
>
> Let us know how it goes.
>
> Doug
>
> PS When you get it working, add the word SOLVED to the end of your
subject
> line and post all your config files. Just one way to give back to the
list.
>
> Thanks
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[EMAIL PROTECTED]>
> Sent: Tuesday, March 30, 2004 10:52 PM
> Subject: Re: Configuring Tomcat on different IP's
>
>
> >
> >
> >
> >
> > Doug,
> > I am finally getting something to work after doing lot of experiments.
> Now
> > the issue is
> > 1)It does not work with http://localhost, seems to be a problem with my
> > DNS.
> > 2)It works with http://172.27.2.44
> >
> > This address (172.27.2.44) is defined in the first service and the
<host>
> > tag has a context as
> > <Context path="" docBase="/IBS1" debug="0">
> > </Context>
> > Look its IBS1. This context has an index.jsp file which just fwd the
> > request to https://172.27.2.246/IBS/Login.jsp
> >
> > This address (172.27.2.246) is defined in the second service and the
> > <host> tag has a context as
> > <Context path="" docBase="/IBS" debug="0">
> > </Context>
> > Look its IBS now. This context has all the files that needs to run
under
> > https.
> >
> > 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he
> > goes to https://172.27.2.246/IBS/d1.jsp
> >
> > 4)When the user changes the port to HTTP (in the address bar of the
> > browser) and doesnt change the IP address as http://172.27.2.246
> > /IBS/d1.jsp, then the user gets "cannot find server". This is perfect.
> >
> > 5)When the user changes the port to HTTP and change the IP address (in
> the
> > address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am
> > internally checking for the session, the programme finds the session is
> > invalid and sends him to (HTTP Login page) http://172.27.2.44
> > /IBS/Login.jsp. Now the user still can access my IBS context files
using
> > http protocol and 80 port.
> >
> > Now see this IP configuration (172.27.2.44) on port 80 has got a
context
> > reference of IBS1 and it still supports IBS context that is on port
443.
> >
> > It seems to me that Tomcat 5 is still internally checking for the
> contexts
> > somewhere else other than the server.xml file. If we can disable that
> then
> > it should work fine.
> >
> > Can I know from where the Tomcat is reading the default <context>? So
> that
> > I can disable them? or if there is any better solution to this please
> help
> > me out.
> >
> > Thank you,
> > Best Regards,
> > Uma
> >
> >
> >
> >
> >
> > "Parsons
> > Technical
> > Services"
> To
> > <parsonstechnical
> > @earthlink.net> "Tomcat Users List"
> > <[EMAIL PROTECTED]>
> > 03/30/2004 06:58
> cc
> > PM
> >
> >
> > Please respond to
> > "Tomcat Users
> > List"
> Subject
> > <[EMAIL PROTECTED] Re: Configuring Tomcat on
> different
> > rta.apache.org> IP's
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Uma,
> >
> > This has moved beyond my experiance. Other than experimenting or diving
> > into
> > the source what I suggest now is to reply to this post and edit the
> subject
> > line to read:
> >
> > Two service on one Tomcat instance.[Was Re: Configuring Tomcat on
> different
> > IP's]
> >
> > In the hope that someone with more information will respond.
> >
> > You may try google with a search based on tomcat and two or multiple
> > service.
> >
> > Sorry I ran out of ideas.
> >
> > Doug
> >
> >
> > ----- Original Message -----
> > From: <[EMAIL PROTECTED]>
> > To: "Tomcat Users List" <[EMAIL PROTECTED]>
> > Sent: Monday, March 29, 2004 11:50 PM
> > Subject: Re: Configuring Tomcat on different IP's
> >
> >
> > >
> > >
> > >
> > >
> > > Doug,
> > > I fogot to tell you that the first context has only one .jsp file.
Here
> > is
> > > the content of that "index.jsp" file
> > >
> > > <%
> > > response.sendRedirect("https://172.27.2.246/IBS/Login.jsp";);
> > > %>
> > >
> > > Thanks
> > > Uma
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
