On Wed, Jun 17, 2009 at 8:39 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Bruce Edge [mailto:bruce.e...@gmail.com]
> > Subject: Mix http and https on one tomcat server?
> >
> > Is it possible to deploy both http and https on the same
> > tomcat instance?
>
> Of course.
>
> Read the doc:
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
> http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL%20Support
>
>  - Chuck
>

I assume that I need a different connector for each, so I changed the 8080
redirector in server.xml:
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               redirectPort="8443"/>
to:
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>

My ssl connector is:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="servIdentity.jks" clientAuth="false" sslProtocol="TLS"/>


However, I don't see where I designate the difference between a local
address, 127.0.0.1, and an external address.

I've defined 2 <security-constraint> blocks in web.xml:
    <security-constraint>
....
          <url-pattern>/*</url-pattern>   <- Is this what needs to refer to
the internal vs. external address?  <url-pattern>127.0.0.1:8080/*</url-pattern>
?
....
    </security-constraint>

I also have 2 roles set up in tomcat-users.xml which are referenced by the
above 2 <security-constraint> blocks.


I have this in web.xml for the ssl passwd:
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
but can it be set up to _not_ require a password for localhost access? Where
do I make this role specific?


In short, I want:
    localhost - no auth, no ssl
    external - passwd auth and ssl

I can get one or the other but not both at the same time.

-Bruce
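
An added example, not part of the original message: a small audit of a server.xml that reports which connectors serve plaintext on every interface, which matters here because BASIC credentials sent to such a port are not encrypted. It assumes Tomcat's Connector `address` attribute (the bind address, not used in the message); the function names and the sample XML are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragment built from the two connectors in the message.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="servIdentity.jks" clientAuth="false"
               sslProtocol="TLS"/>
  </Service>
</Server>
"""


def is_loopback(address):
    """True only when the connector is bound to a literal loopback IP."""
    if not address:
        # No address attribute: the connector listens on all interfaces.
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        # Hostnames are not resolved here, so they are not trusted as local.
        return False


def audit_connectors(server_xml):
    """Return (port, status) for every Connector element in server.xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        if tls or is_loopback(conn.get("address")):
            status = "ok"
        else:
            status = "plaintext-on-all-interfaces"
        findings.append((port, status))
    return findings


if __name__ == "__main__":
    for port, status in audit_connectors(SAMPLE_SERVER_XML):
        print(port, status)
```

Adding `address="127.0.0.1"` to the 8080 connector changes its status to `ok`, leaving 8443 as the only port reachable from other hosts.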
