Re: Tomcat cannot access the resources in an HTTPS webapp

Mon, 16 Jul 2007 09:08:46 -0700 

Thank you for your responses. Well, I was a bit lost in the specs but
after looking up <transport-guarantee> I got what I
wanted. Out of curiosity though what should I do to add tomcat user
authentication?
I tried adding:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>search</web-resource-name>
            <url-pattern>/ch13/search/*</url-pattern>
        </web-resource-collection>

        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
<!-- add here -->
     <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
<!-- end add -->
    </security-constraint>
but tomcat, while asking me to log in, and I did, denied access to the
resource. Without the addition I get the https encryption
that I require.

Caldarale, Charles R wrote:
>> From: Dimitris Mouchritsas [mailto:[EMAIL PROTECTED] 
>> Subject: Re: Tomcat cannot access the resources in an HTTPS webapp
>>
>> So if I want a subdirectory (e.g. admin) of my webapp, or my entire
>> webapp to be accessible _only_ under https what should I do?
>>     
>
> Read section 12 of the servlet spec:
> http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html
>
> Use a combination of <url-pattern> and <transport-guarantee> (along with
> their surrounding elements, of course).
>
> Note that the Tomcat doc does not duplicate any information in the
> servlet spec; you have to read both.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: [email protected]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>   


---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to