On Mon, 2 Dec 2002, Jay Wright wrote:
> Date: Mon, 2 Dec 2002 16:32:56 -0800 > From: Jay Wright <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: 'Tomcat Users List' <[EMAIL PROTECTED]> > Subject: RE: Tomcat and SSL > > > So I have added: > > <auth-constraint> > <role-name>*</role-name> > </auth-constraint> > > to the web.xml file's security constraint tags. But still I get nothing. > As I watch the logs below: > > 2002-12-02 16:18:33 Authenticator[/a/b/c]: Security checking request GET > /a/b/c/index.jsp > 2002-12-02 16:18:33 Authenticator[/a/b/d]: Not subject to any constraint > 2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapping contextPath='/a/b/c' > with requestURI='/a/b/c/index.jsp' and relativeURI='/index.jsp' > 2002-12-02 16:18:33 StandardContext[/a/b/c]: Decoded > relativeURI='/index.jsp' > 2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapped to servlet 'jsp' with > servlet path '/index.jsp' and path info 'null' and update=true > > I can't help but wonder if it's not simply the <url-pattern>. I am not sure > why my url-pattern (/a/b/c/*) is not matching /a/b/c/index.jsp? > > Is it trying to match the requestURI or the relativeURI? Or something else? > > My Context path: > > <Context path="/a/b/c" docBase="/usr/local/webapps/a/b/c" debug="1" > priviledged="true"/> > > is /a/b/c, so maybe it's only trying to match the relative URI. > Paths specified in <url-pattern> elements are *always* relative to the context path. If you really want every URL in your webapp to be protected, use a URL pattern of "/*" instead of "/a/b/c/*". > Anyone know? > > Jay > Craig > > -----Original Message----- > > From: Jay Wright [mailto:[EMAIL PROTECTED]] > > Sent: Monday, December 02, 2002 10:04 AM > > To: '[EMAIL PROTECTED]' > > Subject: Tomcat and SSL > > > > > > > > I am trying to configure a tomcat (4.1.12 on solaris) > > webserver to redirect > > a web app to a secure site. I'm attempting to configure this through > > web.xml, but I haven't found any valuable documentation. > > > > I have added: > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Some Name</web-resource-name> > > <url-pattern>/a/b/c/*</url-pattern> > > </web-resource-collection> > > <user-data-constraint> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > > > to the web.xml file, though it is unclear to me how this > > works. I have also > > configured tomcat with a certificate and set up the SSL > > Connector as per > > apache's documentation. SSL works, but the problem is that I > > can reach any > > of my web apps through either http or https. > > > > In my configuration above, the <web-resource-name> maps to > > nothing. Is this > > just a friendly name or should it map to a "resource" in my <servlet> > > configuration? > > > > Thanks, > > > > Jay > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
