Thanks Chuck.
I have added the following: to manager's web.xml and it worked:
<security-constraint>
<web-resource-collection>
<web-resource-name>HTML Manager</web-resource-name>
<url-pattern>/html/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
However, I am not sure with this setting before I actually get to the
manager page, are the login and password encrypted by SSL when sent through
the network? Because at that time when it asked login/password the browser
security lock icon had not been displayed yet.
Thanks,
Raymond
----- Original Message -----
From: "Caldarale, Charles R" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Friday, September 09, 2005 12:53 PM
Subject: RE: How to force the Tomcat "manager" app to run in SSL only?
From: Augmentin [mailto:[EMAIL PROTECTED]
Subject: Fw: How to force the Tomcat "manager" app to run in SSL only?
Since manager does not actually exist under /webapps I can't put a
<security-constraint> in a web.xml file.
You need to look around a little bit more, such as in server/webapps.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
