Hey guys,
I'm getting ready to go live with my webapp and need to ensure confidentiality on my 
credit card billing page.

I'm running Tomcat 4.0.2 on Redhat 7.2 with apache 2.0.32 and mod_webapp 1.0.2.  I 
just got my ssl certificate from verisign and set up apache to require ssl on port 
443.  HTTPS requests to the site work great.
I am trying to use the following security constraint in my web.xml to require ssl in 
certain areas.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL Area</web-resource-name>
        <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

I also set the redirect port on my warp connector like so in server.xml
<Connector className="org.apache.catalina.connector.warp.WarpConnector"
     port="8008" minProcessors="5" maxProcessors="75"
     enableLookups="false" redirectPort="443"
     acceptCount="10" debug="0"/>

The result...  Absolutely Nothing.
The changes have no discernable effect, /user/* is not redirected.

It may be important to note that I also have a standalone HTTP connector running that 
is set to redirect to port 8443 but the site is being accessed through the warp 
connector.

What am I missing here??  Any thoughts on this would be very helpful.
-Cavan Morris
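
An added example, not part of the original message: a Python check that reads the constraint quoted above and lists protected paths that were answered over plain HTTP, which is the symptom described. The wrapping <web-app> element, the sample paths and the observed responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml: the constraint from the post wrapped in a <web-app> root.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL Area</web-resource-name>
    <url-pattern>/user/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

# Constructed observations: (context-relative path, scheme, HTTP status).
OBSERVED = [
    ("/user/billing.jsp", "http", 200),   # protected path served in clear
    ("/user/billing.jsp", "https", 200),
    ("/user", "http", 302),               # redirected, so not flagged
    ("/username", "http", 200),           # not under /user/, not protected
    ("/index.jsp", "http", 200),
]

def confidential_patterns(web_xml):
    """url-patterns of every constraint whose transport-guarantee is CONFIDENTIAL."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        tg = sc.findtext("user-data-constraint/transport-guarantee") or ""
        if tg.strip() == "CONFIDENTIAL":
            patterns += [p.text.strip() for p in sc.iter("url-pattern") if p.text]
    return patterns

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: prefix (/x/*), extension (*.ext), default (/), exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or path == pattern

def requires_ssl(web_xml, path):
    return any(pattern_matches(p, path) for p in confidential_patterns(web_xml))

def served_in_clear(web_xml, observed):
    """Protected paths that returned content over plain HTTP instead of a redirect."""
    return [path for path, scheme, status in observed
            if scheme == "http" and status == 200 and requires_ssl(web_xml, path)]

if __name__ == "__main__":
    print(served_in_clear(WEB_XML, OBSERVED))
```

Paths passed in must be relative to the webapp's context root, since that is what url-pattern is matched against.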

