Hi all,
I know this has been discussed a thousand times, but I've just tried to set
up Https redirection on Tomcat 5.0.19 or 24, and no matter what I do or what
instructions I follow, it won't work. Below are snips from my server.xml and
applications web.xml - are they okay, or do I need to do anything else? I've
tried having BASIC, FORM, NONE and no authentication, with and without roles
and loads of other permutations.
So below, I hit /index.jsp okay, and then hitting /pp/index.jsp just takes
me stright there - no redirect to https.
Https is working if I go there - there are no problems with the certificate.
Many thanks
Digby
server.xml
...
<Connector acceptCount="100" connectionTimeout="20000" debug="0"
disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75"
maxThreads="150" minSpareThreads="25" port="80" redirectPort="443"
scheme="http" secure="false"/>
<Connector acceptCount="100" disableUploadTimeout="true"
enableLookups="false" keystoreFile="****"
keystorePass="****" maxProcessors="75" port="443" redirectPort="80"
scheme="https" secure="true" sslProtocol="TLS">
<Factory
className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
clientAuth="true" keystoreFile="****"
keystorePass="****"/>
</Connector>
...
web.xml
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Areas</web-resource-name>
<url-pattern>/pp/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>reg_user</role-name>
</auth-constraint>
<user-date-contraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-date-contraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Inecure Areas</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-date-contraint>
<transport-guarantee>NONE</transport-guarantee>
</user-date-contraint>
</security-constraint>
<!--login-config>
<realm-name>Secure Areas</realm-name>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config-->
<security-role>
<role-name>reg_user</role-name>
</security-role>
...
-----------------------------------------
*****************************************************************
Confidentiality Note: The information contained in this
message, and any attachments, may contain confidential
and/or privileged material. It is intended solely for the
person(s) or entity to which it is addressed. Any review,
retransmission, dissemination, or taking of any action in
reliance upon this information by persons or entities other
than the intended recipient(s) is prohibited. If you received
this in error, please contact the sender and delete the
material from any computer.
*****************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
