automatic redirection to HTTPS

Ratnadeep Bhattacharjee Tue, 29 Jan 2002 13:42:55 -0800

Hi again,

After some changes to my <security-constraint> tag I finally got the HTTP 
request to be redirected to its equivalent HTTPS request. However, this time I 
get an error as follows:


Apache Tomcat/4.0.1 - HTTP Status 500 - Configuration error: Cannot perform
access control without an authenticated principal


type Status report

message: Configuration error: Cannot perform access control without an 
authenticated principal

description: The server encountered an internal error (Configuration error: 
Cannot perform access control without an authenticated principal) that
prevented it from fulfilling this request.

Is there no way I can use a secure transport without creating a principal in 
Tomcat. I do my own authentication. I do not want to use tomcat-users.xml etc. I 
just want the transport to be SSL. 

Here's how my tag looks like:

  <security-constraint>
   <web-resource-collection>
     <web-resource-name>console</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
   </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
   <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
  </security-constraint>

Thanks a lot.

Sincerely,
-Ratnadeep.

------------- Begin Forwarded Message -------------
Hello all,

I am having some problems getting automatic redirection to HTTPS working. What I 
want do is as follows:

If the user types a URL http://host:port/myapp it should be redirected to 
https://host:secure_port/myapp. If you had encountered this problem and found a 
solution could you please share it with me. 

I followed the instructions in servlet 2.3 spec and Tomcat and added the 
security-constraint tag but it did not work for me. Should the web-resource-name 
tag match a real web resource - or can it be any arbitrary name?
 
  <security-constraint>
   <web-resource-collection>
     <web-resource-name>logon</web-resource-name>
        <url-pattern>/console/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
   </web-resource-collection>
   <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
  </security-constraint>

I am running Tomcat 4.0.1. 

Thanks.

-Ratnadeep.




--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

automatic redirection to HTTPS

Reply via email to