Re: Any mod_webapp + gotchas in 4.0?

Mon, 22 Apr 2002 02:08:35 -0700 


I am way over my head here, but I once made a servlet whos methods should
only bee accessed over SSL. I Just made a secure port on 8443.
In my code I wrote

if (!request.isSecure)
   //make java.net.Url (using request.getHost() .getServletContext and so
     on (all though I didn't find a dynamic way to find the port of the
     server running SSL)
   redirect(myURL.toString())
Else
   //request is made over https. Proceed

Probably didn't answer your question, but..

�yvind

�yvind Vestavik
�vre M�llenberggt 44b
7014 Trondheim
[EMAIL PROTECTED]
41422911

On Fri, 19 Apr 2002, Cavan Morris wrote:

> Hey guys,
> I'm getting ready to go live with my webapp and need to ensure confidentiality on my 
>credit card billing page.
>
> I'm running Tomcat 4.0.2 on Redhat 7.2 with apache 2.0.32 and mod_webapp 1.0.2.  I 
>just got my ssl certificate from verisign and set up apache to require ssl on port 
>443.  HTTPS request to the site work great.
> I am trying to user the following security constraint in my web.xml to require ssl 
>in certain areas.
>
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>SSL Area</web-resource-name>
>         <url-pattern>/user/*</url-pattern>
>     </web-resource-collection>
>     <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
>
> I also set the redirect port on my warp connector like so in server.xml
> <Connector className="org.apache.catalina.connector.warp.WarpConnector"
>      port="8008" minProcessors="5" maxProcessors="75"
>      enableLookups="false" redirectPort="443"
>      acceptCount="10" debug="0"/>
>
> The result...  Absolutely Nothing.
> The changes have no discernable effect, /user/* is not redirected.
>
> It may be important to note that I also have a standalone HTTP connector running 
>that does is set to redirect to port 8443 but the site is being accessed through the 
>warp connector.
>
> What am I missing here??  Any thoughts on this would be very helpful.
> -Cavan Morris
>
>
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Reply via email to