TC 7.0.54 / JDK 1.7.0_60 / RHEL 6 My webapp is the only one on my TC install. It's in webapps/ROOT. Iptables routes 80 to 8080 and I'm using the NIO connector. There are two physical servers with that same webapp, using session replication. Everything works great.
There's a subdirectory "/admin" in the webapp that has some admin tools that we've been using behind our firewall and under BASIC authentication. I want to put just the /admin directory under SSL and have a user/hashed-pass in the database do the login and authentication instead of having them in tomcat-users.xml. Questions: 1. Can I specify /admin/* as a security constraint url pattern so that only that directory runs under SSL? 2. The NIO connector is accepted for JSSE, since I'm using it already, is there any point in not using it as my SSL connector? 3. Any known issues with routing 443 to 8443 in Iptables? 4. The admin tools share underlying classes with the rest of the web application, which is why it makes sense to have it just as a subdirectory in the same webapp. But would I be better off migrating the admin tools to their own webapp for the purposes of SSL? Apologies if I've missed any of this in the docs. Any additional info/advice appreciated. Thanks in Advance, John
