I'm using the following configuration in my web.xml file. I have it setup so
that SSL is required. I also have it setup so that basic authentication is
required.
What I'm wondering though is what happens first, redirection to the SSL port
or basic authentication?
So, say I enter the following into my browser,
http://localhost:8080/servlet/Test
It gets redirected to,
https://localhost:8443/servlet/Test
However, I don't see the https until after I have authenticated. Does this
mean that the authentication happened before the redirection?
Jon
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>
Test
</servlet-name>
<servlet-class>
Test
</servlet-class>
<init-param>
<param-name>initParameter</param-name>
<param-value>value1</param-value>
</init-param>
</servlet>
<security-constraint>
<web-resource-collection>
<web-resource-name>
Protected Area
</web-resource-name>
<url-pattern>
/*
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>tomcat</realm-name>
</login-config>
</web-app>