Hi All,
I've set up SSL on a 3.2b7 instance. Also I defined a context, say /wlss,
with a directory and a resource, say /wlss1/index.htm inside that context.
I want to configure that context in such a way that the access to
/wlss1/index.htm is only allowed if the transport is guaranteed at
confidential level(SSL). I read the spec and created this web.xml to do the
job:
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>a</web-resource-name>
<url-pattern>/wlss1/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</web-resource-collection>
</security-constraint>
</web-app>
By my understanding, I'm allowing access to the resource collection "a" -
mapped to /wlss1/anything with GET or POST only through a confidential
transport - SSL.
It's not working at all. I can still access it through normal http. Am I
missing something here ?
Another question - how to impose confidential transport to the entire
context ?
Thanks in advance for any help,
Wellington Silva
UN/FAO
