I'm not am expert, but I don't know of any way other than creating a
stub web.xml file - it shouldn't have to be much, but I think you're
going to need it. Although an alternative would be to have a <Service
..> element in the server.xml file that has ONLY the SSL
<Connector.../>, but that seems like even more overkill to me.
Ossie Guy wrote:
In our server.xml (Tomcat 4.1), we have a context that is used to
serve up static content (PDFs) that are collected in a directory on
our server:
<Context path="/pdf" appBase="" docBase="/path/to/pdfs"
reloadable="true"></Context>
There is no war or other webapp involved here, just the folder with
the static files, and thus no web.xml either... (Don't worry, we are
making much use of the servlet API elsewhere on the same server ;)
Now, we want to serve these files up through SSL - we have the SSL
Connector configured correctly, everything's just great, BUT a savvy
user can still get the files through non-SSL by changing the URL. So -
is there any way to *enforce* that this context is accessed only
through SSL?
I have seen documentation suggesting something like the following:
<user-data-constraint transport-guarantee="CONFIDENTIAL"/>
But this goes in web.xml, and again, we have none here - do we need to
make one just to enforce this constraint? Or is there some way to
enforce this from within the server.xml file itself, perhaps within
the above <context> section?
Any help would be appreciated.
Cheers,
Ossie
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's
FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]