I have tried putting the following in
$CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config is ignored:
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL 4 Login</web-resource-name>
<url-pattern>/ssllogin.html</url-pattern>
<url-pattern>/sslerror.html</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>SSL required</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint> <login-config>
<auth-method>FORM</auth-method>
<realm-name>BlackSailRealm</realm-name>
<form-login-config>
<form-login-page>/ssllogin.html</form-login-page>
<form-error-page>/sslerror.html</form-error-page>
</form-login-config>
</login-config>I have the login & error pages in $CATALINA_HOME/server/webapps/manager/
Basically it always stays in non-SSL protocol.
I posted this in bugzilla, being confident that tomcat was not doing what it was supposed to, but apparently it is. I got the following solution via bugzilla, but I don't understand it! How is this telling me I should configure SSL for the manager login?
Thanks
On 10/13/2003 02:19 PM [EMAIL PROTECTED] wrote:
[...]
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
>
> cannot configure SSL for form-based authentication >
[...]
>
>
> ------- Additional Comments From [EMAIL PROTECTED] 2003-10-13 12:19 -------
> FORM can be implemented as an internal redirection, like welcome files. As a
> result, it is not subject to constraints. Please do not reopen the report.
>
-- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
