Thanks but that didn't work for me
I've got
<Connector SSLEnabled="true" clientAuth="false"
keystoreFile="C:\keystore.jks" keystorePass="tomcat" maxThreads="150"
port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
sslProtocol="TLS"/>
in my server.xml
And I've created a SessionTrackingModeListener (just like manual) and
modified web.xml with this listener
And now I finish SSL Session with
session.invalidate();
org.apache.tomcat.util.net.SSLSessionManager mgr
=(org.apache.tomcat.util.net.SSLSessionManager)request.getAttribute("javax.servlet.request.ssl_session_mgr");
mgr.invalidateSession();
response.setHeader("Connection", "close");
ServletContext context = this.getServletContext().getContext("/app");
if (context != null)
response.sendRedirect(context.getContextPath() + "/protected.html" );
I hoped that login.html was return but protected.html is
I dont find any doc about realm + SSL what 's wrong ?
Thanks and regards
2011/9/7 Mark Thomas <ma...@apache.org>:
> On 07/09/2011 12:20, Chema wrote:
>> Hello:
>>
>> I've got a web application running on Tomcat 7.0.16
>> It uses realm authentication to validate users ( FORM login method
>> with a custom login page named login.html)
>> and it's secured by SSL with
>>
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>ssl</web-resource-name>
>> <url-pattern>/*</url-pattern>
>> </web-resource-collection>
>> <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>>
>> So, if I write https://localhost:8080/protected.html, Tomcat redirect
>> to my login.html page to authenticate the user,
>> and , if it's valid, returns main.html.
>> All fine
>>
>>
>> The web application has got a service to implement a logout with 2 steps:
>>
>> - session.invalidate()
>> - redirect to protected.html
>>
>>
>> Well, when I invoked last service, I hoped that when redirecting to
>> protected.html, as I invalidated session before and protected.html is
>> a protected resource, Tomcat redirected my browser to login.html.
>> But didn't : protected.html was returned.
>>
>> If I repeat this steps without SSL configuration , Tomcat does
>> (redirects my browser to login.html)
>>
>>
>> What I need to finish a SSL session and realm mechanism knows it ?
>
> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Using_the_SSL_for_session_tracking_in_your_application
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
