I think if you add something similar to the following to the web.xml file
for your application, it will make it automatically redirect from HTTP to
HTTPS.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Tomcat</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

As far as requiring a particular encryption strength, the only way I know
how to do it is to check the following attributes, i.e. as far as I know
there isn't a flag in the web.xml file that you can use in order to require
128-bit encryption.
req.getAttribute("javax.servlet.request.cipher_suite")

req.getAttribute("javax.servlet.request.key_size")

javax.servlet.request.cipher_suite: SSL_RSA_WITH_RC4_128_MD5

javax.servlet.request.key_size: 128

Jon

----- Original Message -----
From: "Steve D George" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 26, 2002 11:04 AM
Subject: How to enforce SSL???


> Hi, I'm working with a standalone Tomcat 4.0.2 on W2K. I've just gone
> through the SSL How To and created myself a little certificate and got
> everything working over SSL. I can access all my pages over HTTP or HTTPS.
>
> My question now is how to enforce the use of HTTPS for a given page. The
> SSL How To says that any page that absolutely requires SSL should check the
> protocol of the request and take the appropriate action, by which I presume
> it means that you code a redirect to the same page but over https.
>
> Is this the standard way to enforce it though? I sort of imagined that you
> would be able to say that any page in a certain directory should be served
> over HTTPS and just let tomcat handle it for you?
>
> Thanks for any help,
>
> Have a great weekend everyone!
>
> Cheers,
>
> Steve.
>
>
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>

