Can somebody please answer this please... Donie -----Original Message----- From: Donie Kelly [mailto:[EMAIL PROTECTED]] Sent: 12 June 2002 12:59 To: 'Tomcat Users List' Subject: RE: Protecting a page with SSL
Thanks Adam It sort of works now. I have a URL mapped as /info I can access it as https://nysa/info and it works If I use http://nysa/info I get HTTP 500 Internal Server Error I want the request from http to re-direct to https. What am I doing wrong? Thanks Donie Here is my web.xml <servlet> <servlet-name>info</servlet-name> <jsp-file>/onm/index.jsp</jsp-file> </servlet> <servlet-mapping> <servlet-name>info</servlet-name> <url-pattern>/info</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>secure</web-resource-name> <url-pattern>/info</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> And here is part of my server.xml <Service name="Tomcat-Standalone"> <!-- Define an SSL HTTP/1.1 Connector on port 443 --> <Connector className="org.apache.catalina.connector.http.HttpConnector" port="443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true"> <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="c:\tomcat4.0\.keystore" keystorePass="changit" /> </Connector> <!-- Define a non-SSL HTTP/1.1 Connector on port 80 --> <Connector className="org.apache.catalina.connector.http.HttpConnector" port="80" minProcessors="5" maxProcessors="75" enableLookups="false" redirectPort="443" acceptCount="10" debug="0" connectionTimeout="60000" allowChunking="false"/> <Engine name="Standalone" defaultHost="localhost" debug="0"> <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/> <Realm className="org.apache.catalina.realm.MemoryRealm" /> <Host name="localhost" debug="0" appBase="webapps" unpackWARs="false"> <Context path="" docBase="c:\mmsdev\dev\mms\webapps\mms"></Context> <Context path="/images" docBase="c:\mmsdev\dev\mms\webapps\mms\onm\images"></Context> <Context path="/tp" docBase="c:\mmsdev\dev\mms\webapps\tp"></Context> </Host> </Engine> </Service> -----Original Message----- From: Sefton, Adam [mailto:[EMAIL PROTECTED]] Sent: 12 June 2002 12:28 To: 'Tomcat Users List' Subject: RE: Protecting a page with SSL Within your web.xml, inside the <security-constraint> tag, add: <user-data-constraint> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> This will force the connection for the application. If you want to force the connection for all applications across the Tomcat instance, then place this in the /conf/web.xml instead. Hope this helps Adam -----Original Message----- From: Donie Kelly [mailto:[EMAIL PROTECTED]] Sent: 12 June 2002 12:21 To: 'Tomcat Users List' Subject: Protecting a page with SSL Hi all I've setup SSL on tomcat but I can't find in the docs how to protect a .jsp page or servlet mapping to force the connection over SSL Please point me in the right direction. Thanks Donie -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> ********************************************************************** This message may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy. ********************************************************************** -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>