Great, we will have to try that out. Did you need to configure a second <Host> for the secure site?
Or is that only necessary if you want a separate domain secure.site.com instead of regular.site.com?

> -----Original Message-----
> From: Norbert Kuhnert [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 21, 2002 11:49 AM
> To: Tomcat Users List
> Subject: Re: SSL FAQ and question
>
> Jay,
>
> I've had success with using the webapp deployment descriptor
> "transport-guarantee" user-data-constraint as follows:
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>myPayroll</web-resource-name>
>       <url-pattern>/payrollServlet</url-pattern>
>       <http-method>GET</http-method>
>     </web-resource-collection>
>     <user-data-constraint>
>       <transport-guarantee>
>         CONFIDENTIAL
>       </transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
> If your Tomcat server's connector is properly set up to specify
> the "redirectPort" as shown below in your non-secure Connector
> (your connector class may be different):
>
>   <Connector className="org.apache.catalina.connector.http.HttpConnector"
>              port="8080" minProcessors="5" maxProcessors="75"
>              enableLookups="true" redirectPort="8443"
>              acceptCount="10" debug="10" connectionTimeout="60000"/>
>
> AND you have a Connector listening on that port, for example:
>
>   <Connector className="org.apache.catalina.connector.http.HttpConnector"
>              port="8443" minProcessors="5" maxProcessors="75"
>              enableLookups="true"
>              acceptCount="10" debug="0" scheme="https" secure="true">
>     <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>              clientAuth="false" protocol="TLS"/>
>   </Connector>
>
> then Tomcat should do the redirection for you. Here's the documentation
> link for setting up SSL under Tomcat, if that's useful to you:
>
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>
> Good luck,
>
> Norb
>
> Jay Wright wrote:
> > I am trying to do some initial research on SSL and tomcat. Perhaps
> > there is a faq out there that can help me, but the ones I've found on
> > the tomcat site haven't, so I turn to the newsgroup.
> >
> > I'm looking for some tried and true knowledge on implementing one tomcat
> > instance with both secure and non-secure webapps. If a request comes
> > into a webapp that needs to be secure, I would like to redirect that
> > request to the secure site.
> >
> > Is it best to do this in code (by checking the request.isSecure()) and
> > then issuing response.sendRedirect() or can it be done through
> > server.xml in tomcat or web.xml in the webapp?
> >
> > I assume you'd set up a second <Host> in server.xml and include the
> > webapp <Context> in there. The non-secure <Host> has a redirectPort
> > configured which is supposed to then redirect to the secure site.
> >
> > Or would you set up the <security-constraint> in web.xml?
> >
> > Or am I way off?
> >
> > Jay
> >
> > --
> > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
> --
> ----------------------------------------------------------
> Norbert K. Kuhnert      Phone: 858-455-1800 x204  Fax: 858-455-1801
> CTO, Founder            Email: [EMAIL PROTECTED]
> Cafesoft LLC            WWW: www.cafesoft.com
> ----------------------------------------------------------
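
Added example, not part of the original thread or of Tomcat: a Python check that the three pieces described in the quoted message line up (a CONFIDENTIAL transport-guarantee, a redirectPort on the non-secure Connector, and a secure Connector listening on that port). The embedded server.xml and web.xml are constructed samples modelled on the quoted snippets, the function names load and audit are hypothetical, and the check also reports when <http-method> elements limit the constraint to the listed methods, because requests using other methods fall outside it.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets quoted in the thread.
SERVER_XML = """<Service>
  <Connector port="8080" redirectPort="8443"/>
  <Connector port="8443" scheme="https" secure="true">
    <Factory className="org.apache.catalina.net.SSLServerSocketFactory" protocol="TLS"/>
  </Connector>
</Service>"""
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/payrollServlet</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee> CONFIDENTIAL </transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

def load(text):
    """Parse XML and drop namespaces so DTD-era and namespaced files both match."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]
    return root

def audit(server_xml, web_xml):
    """Return findings; an empty list means the redirect chain is complete."""
    findings = []
    conns = {c.get("port"): c for c in load(server_xml).iter("Connector")}
    for port, c in [(p, c) for p, c in conns.items() if c.get("secure") != "true"]:
        target = conns.get(c.get("redirectPort"))
        if target is None:
            findings.append(f"port {port}: nothing listens on redirectPort {c.get('redirectPort')}")
        elif (target.get("scheme"), target.get("secure")) != ("https", "true"):
            findings.append(f"port {port}: redirectPort target is not scheme=https secure=true")
    for sc in load(web_xml).iter("security-constraint"):
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        for wrc in sc.iter("web-resource-collection"):
            urls = [u.text.strip() for u in wrc.iter("url-pattern")]
            methods = [m.text.strip() for m in wrc.iter("http-method")]
            if guarantee != "CONFIDENTIAL":
                findings.append(f"{urls}: transport-guarantee is {guarantee or 'absent'}")
            elif methods:
                findings.append(f"{urls}: CONFIDENTIAL covers only {methods}, other methods are not redirected")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, WEB_XML)) or "ok")
```

On the constructed samples the connector pairing passes and the only finding is the GET-only scope of the constraint.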