Jay,

I did not create a new <Host>, just 2 Connectors supplying
requests to the same <Engine>. I'm not sure that this
automatic redirection from "http" to "https" would work
if it needed to redirect to a different host, but I could
be wrong.

Norb


Jay Wright wrote:
Great, we will have to try that out.  Did you need to configure a second
<Host> for the secure site?

Or is that only necessary if you want a separate domain secure.site.com
instead of regular.site.com?


-----Original Message-----
From: Norbert Kuhnert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 11:49 AM
To: Tomcat Users List
Subject: Re: SSL FAQ and question



Jay,

I've had success with using the webapp deployment descriptor
"transport-guarantee" user-data-constraint as follows:

<security-constraint>
   <web-resource-collection>
      <web-resource-name>myPayroll</web-resource-name>
      <url-pattern>/payrollServlet</url-pattern>
      <http-method>GET</http-method>
   </web-resource-collection>
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

If your Tomcat server's connector is properly set up to specify
the "redirectPort" as shown below in your non-secure Connector
(your connector class may be different):

<Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8080" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="10" connectionTimeout="60000"/>

AND you have a Connector listening on that port, for example:

<Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"/>
</Connector>


then Tomcat should do the redirection for you. Here's the documentation
link for setting up SSL under Tomcat, if that's useful to you:

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

Good luck,

Norb





Jay Wright wrote:

I am trying to do some initial research on SSL and tomcat. Perhaps there
is a faq out there that can help me, but the ones I've found on the
tomcat site haven't, so I turn to the newsgroup.

I'm looking for some tried and true knowledge on implementing one tomcat
instance with both secure and non-secure webapps.  If a request comes
into a webapp that needs to be secure, I would like to redirect that
request to the secure site.

Is it best to do this in code (by checking the request.isSecure()) and
then issuing response.sendRedirect() or can it be done through
server.xml in tomcat or web.xml in the webapp?

I assume you'd set up a second <Host> in server.xml and include the
webapp <Context> in there.  The non-secure <Host> has a redirectPort
configured which is supposed to then redirect to the secure site.

Or would you set up the <security-constraint> in web.xml?

Or am I way off?

Jay


--
To unsubscribe, e-mail:

<mailto:[EMAIL PROTECTED]>

For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
----------------------------------------------------------
  Norbert K. Kuhnert              Phone: 858-455-1800 x204
                                    Fax: 858-455-1801
  CTO, Founder                    Email: [EMAIL PROTECTED]
  Cafesoft LLC                      WWW: www.cafesoft.com
----------------------------------------------------------
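
An added example, not part of the original thread and not Tomcat's own code: a Python check over the two configuration pieces quoted in the thread. It confirms that each plain Connector's redirectPort points at a Connector marked secure="true" with scheme="https", and it lists CONFIDENTIAL constraints that name specific <http-method> values, since under the Servlet specification such a constraint covers only the listed methods. The wrapping root elements, the trimmed attribute sets and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the thread's fragments, trimmed and wrapped in minimal roots.
SERVER_XML = """<Server><Service name="demo">
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             port="8080" redirectPort="8443"/>
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             port="8443" scheme="https" secure="true"/>
</Service></Server>"""
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/payrollServlet</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>
    CONFIDENTIAL
    </transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

def check_redirect_ports(server_xml):
    """Findings for plain Connectors whose explicit redirectPort has no secure listener."""
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    secure_ports = {c.get("port") for c in conns
                    if c.get("secure") == "true" and c.get("scheme") == "https"}
    return [f"port {c.get('port')}: redirectPort {c.get('redirectPort')} has no secure Connector"
            for c in conns
            if c.get("secure") != "true" and c.get("redirectPort") not in secure_ports]

def check_confidential_methods(web_xml):
    """(url-pattern, methods) pairs where CONFIDENTIAL applies only to the listed methods."""
    findings = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if guarantee != "CONFIDENTIAL":
            continue
        for coll in sc.iter("web-resource-collection"):
            methods = sorted(m.text.strip() for m in coll.iter("http-method") if m.text)
            for pat in coll.iter("url-pattern"):
                if methods:  # other HTTP methods are outside this constraint
                    findings.append((pat.text.strip(), methods))
    return findings

if __name__ == "__main__":
    print(check_redirect_ports(SERVER_XML))
    print(check_confidential_methods(WEB_XML))
```

A non-empty result from the second function means requests using any other method to that URL pattern are not forced onto the secure connector; dropping the <http-method> element extends the constraint to all methods.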

