Erf... It wasn't especially out of my reach. But (as many, I presume), when I'm looking for info, I tend to google around, where there is info fresh from the source...
Thanks to both of you and I will try to use more the official documentation, in the future. Cheers, Pierre 2007/7/31, Caldarale, Charles R <[EMAIL PROTECTED]>: > > > From: Pierre Goupil [mailto:[EMAIL PROTECTED] > > Subject: secured authentication / connection > > > > Can anyone point me to a relevant tutorial ? > > Besides configuring SSL as Mark T pointed out, you need to read section > 12 of the servlet spec: > http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html > > Section 12.5.3 is specifically for form-based authentication. > > To force SSL for everything, use a <transport-guarantee> of CONFIDENTIAL > in conjunction with a <url-pattern> of /* in your app's WEB-INF/web.xml > file. For example: > <security-constraint> > <web-resource-collection> > <web-resource-name>Protect Everything</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>RequiredRoleHere</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- "Si le sang ne coule pas assez chaud dans tes veines, je le répandrais sur le sable pour qu'il bouille au soleil." (Maraxus de Kelde)
