Hey guys, I'm getting ready to go live with my webapp and need to ensure confidentiality on my credit card billing page.
I'm running Tomcat 4.0.2 on Redhat 7.2 with apache 2.0.32 and mod_webapp 1.0.2. I just got my ssl certificate from verisign and set up apache to require ssl on port 443. HTTPS request to the site work great. I am trying to user the following security constraint in my web.xml to require ssl in certain areas. <security-constraint> <web-resource-collection> <web-resource-name>SSL Area</web-resource-name> <url-pattern>/user/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> I also set the redirect port on my warp connector like so in server.xml <Connector className="org.apache.catalina.connector.warp.WarpConnector" port="8008" minProcessors="5" maxProcessors="75" enableLookups="false" redirectPort="443" acceptCount="10" debug="0"/> The result... Absolutely Nothing. The changes have no discernable effect, /user/* is not redirected. It may be important to note that I also have a standalone HTTP connector running that does is set to redirect to port 8443 but the site is being accessed through the warp connector. What am I missing here?? Any thoughts on this would be very helpful. -Cavan Morris -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>