> -----Original Message----- > From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 02, 2002 5:24 PM > To: Tomcat Users List > Subject: RE: Tomcat and SSL > > > On Mon, 2 Dec 2002, Jay Wright wrote: > > > Date: Mon, 2 Dec 2002 16:32:56 -0800 > > From: Jay Wright <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: 'Tomcat Users List' <[EMAIL PROTECTED]> > > Subject: RE: Tomcat and SSL > > > > > > So I have added: > > > > <auth-constraint> > > <role-name>*</role-name> > > </auth-constraint> > > > > to the web.xml file's security constraint tags. But still > I get nothing. > > As I watch the logs below: > > > > 2002-12-02 16:18:33 Authenticator[/a/b/c]: Security > checking request GET > > /a/b/c/index.jsp > > 2002-12-02 16:18:33 Authenticator[/a/b/d]: Not subject to > any constraint > > 2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapping > contextPath='/a/b/c' > > with requestURI='/a/b/c/index.jsp' and relativeURI='/index.jsp' > > 2002-12-02 16:18:33 StandardContext[/a/b/c]: Decoded > > relativeURI='/index.jsp' > > 2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapped to > servlet 'jsp' with > > servlet path '/index.jsp' and path info 'null' and update=true > > > > I can't help but wonder if it's not simply the > <url-pattern>. I am not sure > > why my url-pattern (/a/b/c/*) is not matching /a/b/c/index.jsp? > > > > Is it trying to match the requestURI or the relativeURI? > Or something else? > > > > My Context path: > > > > <Context path="/a/b/c" docBase="/usr/local/webapps/a/b/c" debug="1" > > priviledged="true"/> > > > > is /a/b/c, so maybe it's only trying to match the relative URI. > > > > Paths specified in <url-pattern> elements are *always* relative to the > context path. If you really want every URL in your webapp to be > protected, use a URL pattern of "/*" instead of "/a/b/c/*".
Thanks for clarifying, it's beginning to make sense now. As a side note: wouldn't doing a url pattern of "/*" match all webapps and not just this one? I'll have to extend the relative uri to include some pattern matchable string. My other question is with <auth-constraint>. It's my current understanding that I can't simply enforce SSL use with a CONFIDENTIAL <transport-gaurantee> in <user-data-constraint>. That I actually need a realm defined, even though I want ALL visitors to be subjected to a SSL redirect if they try to access the webapp. Is there anyway around this? Thanks > > > Anyone know? > > > > Jay > > > > Craig > > > > -----Original Message----- > > > From: Jay Wright [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, December 02, 2002 10:04 AM > > > To: '[EMAIL PROTECTED]' > > > Subject: Tomcat and SSL > > > > > > > > > > > > I am trying to configure a tomcat (4.1.12 on solaris) > > > webserver to redirect > > > a web app to a secure site. I'm attempting to configure > this through > > > web.xml, but I haven't found any valuable documentation. > > > > > > I have added: > > > > > > <security-constraint> > > > <web-resource-collection> > > > <web-resource-name>Some Name</web-resource-name> > > > <url-pattern>/a/b/c/*</url-pattern> > > > </web-resource-collection> > > > <user-data-constraint> > > > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > > </user-data-constraint> > > > </security-constraint> > > > > > > to the web.xml file, though it is unclear to me how this > > > works. I have also > > > configured tomcat with a certificate and set up the SSL > > > Connector as per > > > apache's documentation. SSL works, but the problem is that I > > > can reach any > > > of my web apps through either http or https. > > > > > > In my configuration above, the <web-resource-name> maps to > > > nothing. Is this > > > just a friendly name or should it map to a "resource" in > my <servlet> > > > configuration? > > > > > > Thanks, > > > > > > Jay > > > > > > -- > > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > -- > > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
