"Luca Ventura" <[EMAIL PROTECTED]> wrote in message news:GCEHKDLCEKBHKGEIBIGLEEFADKAA.ventluca@;tiscali.it... > Hello everybody! > > I have IIS as Web Server and Tomcat 4.x as Servlet Container (using the > ISAPI filter). > So all requests directed to servlets, jsp-pages, or > java-technology based web sites are redirected to Tomcat 4.x from IIS. > I have installed in IIS a digital certificate to support HTTPS > protocol. > > Let's suppose my web domain is: www.mydomain.com > > and that my java-technology based web site is in the /javasite folder. > So to access to it in a secure way using HTPPS I must type the url: > > https://www.mydomanin.com/javasite/index.html > > First of all I would like to have a confirmation of the following thing: > > 1) When I send data to the url above are all of them cripted from my Web > Browser and decrypted by ISS before redirecting them to Tomcat 4.x > (I haven't installed the same digital certificate in Tomcat because > I don't use it as a Web Server)?
Yes. > > Then I need to know: > > 2)I want to protect some servlets and jsp-pages with an access login and > password: > So I used the BASIC authentication of Tomcat: in this way when I user > try to connect to a protected servlet or jsp-page the Servlet Container > Tomcat asks to > the user to insert a login and a password. If the url of the servler or > jsp-page > he tries to connect to is https based (for example: > https://www.mydomanin.com/javasite/MyServet) are both login and password > crypted before sending them to Tomcat (I think that IIS should receive , > decrypt and forward > them to Tomcat)? Yes. > > > I hope someone can help me. > > Thanks everybody in advance! > > Luca -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>