Marc, thanks for your comment and thanks for pointing me to the right direction.
I guess this one is the matching excerpt from the specs: ===== [snip ]======== The combination of user-data-constraints that apply to a common urlpattern and http-method shall yield the union of connection types accepted by the individual constraints as acceptable connection types. A security constraint that does not contain a user-data-constraint shall combine with other userdata-constraints to cause the unprotected connection type to be an accepted connection type. ===== [snap ]======== As Jeffrey mentioned, I guess I'll have to byte the bullet, but before doing that, I'll try my luck writing a valve forwarding all http to https. Still, I guess the specs do have some room for improvement here, meaning, it would be more than helpful if default settings could be specified inside the global deployment descriptor. Wondering if I'm the first person missing such a feature. Thanks! Gregor On Thu, Dec 1, 2011 at 3:43 PM, Mark Thomas <ma...@apache.org> wrote: > On 30/11/2011 18:32, Gregor S. wrote: >> My understanding was, that in the global web.xml >> ($catalina.home/conf/web.xml) the defaults are specified and promoted >> to all webapps. But it seems as the webapp doesn't inherit the element >> <user-data-constraints> from the global web.xml if it specifies it's >> own <security-constraints> - my expectation was, that it inherits >> those elements not specified inside the webapp's >> deployment-descriptor. > > Your understanding is wrong. > > You need to read the 2.5 servlet specification, particularly section > SRV.12.7.1. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD skype:rc46fi gplus.to/gregor twitter.com/#/2smart4u --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org