On Saturday 11 January 2003 03:40 pm, Peter Lee wrote: > I asked this earlier, but I still got problems with it. I upgraded to > 4.1.18, but I got some problems with security constraints. > > I have applied a security constraint on a particular url pattern. Only > certain users with a special rolename can access that link. The data > transportation is also secure, therefore I put in a <transport-guarantee> > in web.xml > > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > > It used to work but now the page does not load with v4.1.18. > I got a blank page instead of a login page. > Is SSL implemented differently v4.1.18 that prevents my application > from working like before? > I think it has to do with rolenames. I put in the needed role in > tomcat-user.xml > already. Did I miss something? > > Is there any documentation on tomcat v4.1.18 SSL security stuff? > > > Here is my security constraint in web.xml: > > <!-- Secure form > URLs of the form > http://localhost/Prefix/mypage > require SSL and are redirected to > https://localhost/Prefix/mypage --> > > <security-constraint> > <web-resource-collection> > <web-resource-name>SSLspecial</web-resource-name> > <url-pattern>/protectedpage/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>specialrole</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint>
Did you read this? http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html Paul -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>