Hi, have a look for postings titled 'How to enforce SSL' that were posted over the last few days. Assuming you have gone through the How-to-SSL document in the tomcat docs and set up a certificate, to enforce SSL for a certain directory in your context, you need something like this in your web.xml.

<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>trackeruser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Location Tracker Application</realm-name>
</login-config>

The important piece is the user-data-constraint and the transport-guarantee. This tells Tomcat that all requests to the url pattern (in my case it is the whole of my context) should be sent over HTTPS. If a request is received over HTTP, Tomcat will redirect the request at whatever port is defined in server.xml as the 'redirectPort' for the HTTP connector. This is probably 8443.

You then need to make sure that you have an SSL-only connector on that port, but I guess you should already have that if you've got the SSL working already.

Cheers.
Steve.

t.riteshmenon@iflexsolutions.com
To: [EMAIL PROTECTED]
cc:
30/04/2002 11:10
Subject: TOMCAT & SSL !!!
Please respond to "Tomcat Users List"

Hi All,

My application requires that certain pages on the site are accessed via SSL. Is there a way in Tomcat to reject the connection of http to a specific page (i.e. securePage.jsp) but still allow http access to other pages (i.e. standardPage.jsp)?

Also, I'm using cookies, so I wanted to know whether these cookies will be visible in both the http & https contexts.

Thanks in advance,
Ritesh