Is there a means to write this security constraint at the context definition level ? Richard
-----Message d'origine----- De : Carl Olivier [mailto:[EMAIL PROTECTED] Envoyé : vendredi 19 novembre 2004 07:10 À : Tomcat Users List Objet : RE: SSL Alternatively, if you wish to accept HTTP connections, but redirect (forced to https) you could add a <security-constraint> to your webapps /WEB-INF/web.xml - before the </web-app>: <security-constraint> <web-resource-collection> <web-resource-name>HTTP to HTTPS redirection</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint> Thus, both the http and https connectors can exist in the same <Service> - where you web app host lives, but the WEBAPP ITSELF will ensure that even http requests to it will be redirected to https. Be sure to specify the correct redirectPort attribute in your HTTP connector - to 443 or 8443 depending on what port your HTTPS connector listens on. Thus, people can request your site/webapp using http - but will be redirected to https immediately for all requests. Hope that helps. Carl -----Original Message----- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Thursday, November 18, 2004 7:53 PM To: Tomcat Users List Subject: RE: SSL Hi, Yeah, reorganize your server.xml into two engines, with one connector and webapp each. One engine will have the SSL connector and webapp, and the other engine will have the non-SSL connector and webapp. Yoav Shapira http://www.yoavshapira.com >-----Original Message----- >From: Richard HALLIER [mailto:[EMAIL PROTECTED] >Sent: Thursday, November 18, 2004 12:42 PM >To: Tomcat Users List >Subject: RE: SSL > >Thank you for your reply, but I've omitted to say that I have another >webapp that is non-ssl, so I must have the two connectors (http, https) >up. >Do you have a solution ? >Really thank you for your help. >Richard > >-----Message d'origine----- >De : Shapira, Yoav [mailto:[EMAIL PROTECTED] Envoye : jeudi 18 >novembre 2004 18:09 A : Tomcat Users List Objet : RE: SSL > > > >Hi, >Comment out the non-SSL connector element in server.xml. > >Yoav Shapira http://www.yoavshapira.com > > >>-----Original Message----- >>From: Richard HALLIER [mailto:[EMAIL PROTECTED] >>Sent: Thursday, November 18, 2004 12:02 PM >>To: tomcat mailing-list >>Subject: SSL >> >>Hi everybody, >>Sorry if this question has been already asked, but i didnt find any >>pointers in the archive. >>I'm in the following context : Tomcat 5.0.x, Connector SSL active. >>I'd like to prevent everybody from using my webapp with the HTTP >protocol, >>in fact I'd like to restrict access to my webapp only to the https >>protocol. >>For the moment and with a standard configuration, I can access my >webapp >>from http and https protocol ... >>Thank you for your help. >>Richard >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] > > > > >This e-mail, including any attachments, is a confidential business >communication, and may contain information that is confidential, >proprietary and/or privileged. This e-mail is intended only for the >individual(s) to >whom it is addressed, and may not be saved, copied, printed, disclosed or >used by anyone else. If you are not the(an) intended recipient, please >immediately delete this e-mail from your computer system and notify the >sender. Thank you. > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
