I have an tomcat application. I want to use LDAP authentication. I have this
working not problem.
When a user hits the site they are asked to login and they use the
j_security method to do so. No problem.
Now, when someone logs in they are using an unsecured login screen and there
passwords are sent unencrypted. The solution! HTTPS, no sweat, i have this
working to. The only problem I have is having the https and LDAP security in
one application. Additionally i do not want to have every page locked by
https, only the login screen that get called by the security constraint.
EX directory structure:
Https Secured pages and directories.
/security/login.jsp
/security/loginerr.jsp
LDAP REalm Secured diretories
/gigatronic/*
/gigatronic/index.jsp
so when a user hits /gigatronic/index.jsp they are asked top login because
of the LDAP real copnfig. The pages used for the login I need in HTTPS.
After a secure login it returns back to a regular http for the
/gigatronic/index.jsp application.
SO how can I use HTTPS for only the j_secutity login portion I specified in
web.xml and enforce LDAP real for the rest of my app without have the whole
app HTTPS.
I tried specifying the HTTPS for my login but the app would not start.
ex:
<form-login-config>
<form-login-page>https://www.blah.com/secure/login.jsp</form-login-page>
<form-error-page>https://www.blah.com/secure/loginerr.jsp</form-error-page>
</form-login-config>
This did not work.
Cheers
--
View this message in context:
http://www.nabble.com/j_secuity-check-and-https-tp20603453p20686814.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
