RE: Tomcat and SSL

Mon, 02 Dec 2002 16:32:29 -0800 

So I have added:

        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>

to the web.xml file's security constraint tags.  But still I get nothing.
As I watch the logs below:

2002-12-02 16:18:33 Authenticator[/a/b/c]: Security checking request GET
/a/b/c/index.jsp
2002-12-02 16:18:33 Authenticator[/a/b/d]:  Not subject to any constraint
2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapping contextPath='/a/b/c'
with requestURI='/a/b/c/index.jsp' and relativeURI='/index.jsp'
2002-12-02 16:18:33 StandardContext[/a/b/c]: Decoded
relativeURI='/index.jsp'
2002-12-02 16:18:33 StandardContext[/a/b/c]:  Mapped to servlet 'jsp' with
servlet path '/index.jsp' and path info 'null' and update=true

I can't help but wonder if it's not simply the <url-pattern>.  I am not sure
why my url-pattern (/a/b/c/*) is not matching /a/b/c/index.jsp?  

Is it trying to match the requestURI or the relativeURI?  Or something else?

My Context path:

<Context path="/a/b/c" docBase="/usr/local/webapps/a/b/c" debug="1"
priviledged="true"/>

is /a/b/c, so maybe it's only trying to match the relative URI.

Anyone know?

Jay

> -----Original Message-----
> From: Jay Wright [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 02, 2002 10:04 AM
> To: '[EMAIL PROTECTED]'
> Subject: Tomcat and SSL 
> 
> 
> 
> I am trying to configure a tomcat (4.1.12 on solaris) 
> webserver to redirect
> a web app to a secure site.  I'm attempting to configure this through
> web.xml, but I haven't found any valuable documentation.  
> 
> I have added: 
> 
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Some Name</web-resource-name>
>             <url-pattern>/a/b/c/*</url-pattern>
>         </web-resource-collection>
>         <user-data-constraint>
>             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
> 
> to the web.xml file, though it is unclear to me how this 
> works.  I have also
> configured tomcat with a certificate and set up the SSL 
> Connector as per
> apache's documentation.  SSL works, but the problem is that I 
> can reach any
> of my web apps through either http or https.  
> 
> In my configuration above, the <web-resource-name> maps to 
> nothing.  Is this
> just a friendly name or should it map to a "resource" in my <servlet>
> configuration? 
> 
> Thanks,
> 
> Jay
> 
> --
> To unsubscribe, e-mail:   
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to