All,
I have set up tomcat 5.5.9 with SSL as follows:
server.xml:
<!-- Define a non-SSL HTTP/1.1 Connector on port (8080 changed to
9123 -->
<Connector port="80" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
<!-- Define a SSL HTTP/1.1 Connector on port 443 -->
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/etc/.keystore"
keystorePass="xxxxxxxx"
clientAuth="false" sslProtocol="TLS" />
and web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>secure pages</web-resource-name>
<url-pattern>*.htm</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>secure pages</web-resource-name>
<url-pattern>/login.jsp</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
The whole site, all pages, are redirected to port 443 - everything is
secure. I only wanted the *.htm and the single file login.jsp to use https.
What am I doing wrong?
Thanks.
Greg.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
