Subject: RE: Tomcat and SSL
From: Jay Wright (jwri@once.com)
Date: Dec 2, 2002 5:34:13 pm
List: org.apache.tomcat.users

-----Original Message-----
From: Craig R. McClanahan [mailto:crai@apache.org]
Sent: Monday, December 02, 2002 5:24 PM
To: Tomcat Users List
Subject: RE: Tomcat and SSL

On Mon, 2 Dec 2002, Jay Wright wrote:

Date: Mon, 2 Dec 2002 16:32:56 -0800
From: Jay Wright <jwri@once.com>
Reply-To: Tomcat Users List <tomc@jakarta.apache.org>
To: 'Tomcat Users List' <tomc@jakarta.apache.org>
Subject: RE: Tomcat and SSL

So I have added:

    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>

to the web.xml file's security constraint tags. But still I get nothing. As I watch the logs below:

2002-12-02 16:18:33 Authenticator[/a/b/c]: Security checking request GET /a/b/c/index.jsp
2002-12-02 16:18:33 Authenticator[/a/b/d]: Not subject to any constraint
2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapping contextPath='/a/b/c' with requestURI='/a/b/c/index.jsp' and relativeURI='/index.jsp'
2002-12-02 16:18:33 StandardContext[/a/b/c]: Decoded relativeURI='/index.jsp'
2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapped to servlet 'jsp' with servlet path '/index.jsp' and path info 'null' and update=true

I can't help but wonder if it's not simply the <url-pattern>. I am not sure why my url-pattern (/a/b/c/*) is not matching /a/b/c/index.jsp?

Is it trying to match the requestURI or the relativeURI? Or something else?

My Context path:

    <Context path="/a/b/c" docBase="/usr/local/webapps/a/b/c" debug="1" privileged="true"/>

is /a/b/c, so maybe it's only trying to match the relative URI.

Paths specified in <url-pattern> elements are *always* relative to the context path. If you really want every URL in your webapp to be protected, use a URL pattern of "/*" instead of "/a/b/c/*".

Thanks for clarifying, it's beginning to make sense now. As a side note: wouldn't doing a url pattern of "/*" match all webapps and not just this one? I'll have to extend the relative uri to include some pattern matchable string.

My other question is with <auth-constraint>. It's my current understanding that I can't simply enforce SSL use with a CONFIDENTIAL <transport-guarantee> in <user-data-constraint>. That I actually need a realm defined, even though I want ALL visitors to be subjected to an SSL redirect if they try to access the webapp. Is there any way around this?

Thanks

Anyone know?

Jay

Craig

-----Original Message-----
From: Jay Wright [mailto:jwri@once.com]
Sent: Monday, December 02, 2002 10:04 AM
To: 'tomc@jakarta.apache.org'
Subject: Tomcat and SSL

I am trying to configure a tomcat (4.1.12 on solaris) webserver to redirect a web app to a secure site. I'm attempting to configure this through web.xml, but I haven't found any valuable documentation.

I have added:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Some Name</web-resource-name>
            <url-pattern>/a/b/c/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

to the web.xml file, though it is unclear to me how this works. I have also configured tomcat with a certificate and set up the SSL Connector as per apache's documentation. SSL works, but the problem is that I can reach any of my web apps through either http or https.

In my configuration above, the <web-resource-name> maps to nothing. Is this just a friendly name or should it map to a "resource" in my <servlet> configuration?

Thanks,

Jay

<mailto:tomc@jakarta.apache.org> For additional commands, e-mail: <mailto:tomc@jakarta.apache.org>
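
Added example, not part of the original thread and not Tomcat's own code: a simplified Python model of how a <url-pattern> is compared against the context-relative URI, using the contextPath and requestURI from the log excerpt above. The function names are hypothetical; the matching rules (exact, "/prefix/*", "*.ext", "/") follow the servlet specification's pattern forms.

```python
# Added illustration: simplified model of servlet <url-pattern> matching.
# Function names are hypothetical; this is not Tomcat source code.

def relative_uri(context_path: str, request_uri: str) -> str:
    """Strip the context path, as the StandardContext log line shows."""
    inside = (request_uri == context_path
              or request_uri.startswith(context_path + "/"))
    if context_path and not inside:
        raise ValueError("request is not inside this context")
    return request_uri[len(context_path):] or "/"


def pattern_matches(pattern: str, path: str) -> bool:
    """Match one <url-pattern> against a context-relative path."""
    if pattern == path:                       # exact match
        return True
    if pattern.startswith("/") and pattern.endswith("/*"):
        prefix = pattern[:-2]                 # "/*" -> "", "/x/*" -> "/x"
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):              # extension match, last segment
        last_segment = path.rsplit("/", 1)[-1]
        return last_segment.endswith(pattern[1:])
    return pattern == "/"                     # default mapping


def is_constrained(context_path: str, request_uri: str, patterns) -> bool:
    """True if any pattern in this webapp's constraint covers the request."""
    rel = relative_uri(context_path, request_uri)
    return any(pattern_matches(p, rel) for p in patterns)


# Values taken from the log excerpt in the thread.
CONTEXT = "/a/b/c"
REQUEST = "/a/b/c/index.jsp"

if __name__ == "__main__":
    # "/secure/*" is a constructed sample pattern, not from the thread.
    for pat in ("/a/b/c/*", "/*", "*.jsp", "/secure/*"):
        print(f"{pat:10} -> {is_constrained(CONTEXT, REQUEST, [pat])}")
```

The pattern "/a/b/c/*" is tested against "/index.jsp", not "/a/b/c/index.jsp", so it never matches and the CONFIDENTIAL constraint is never applied; "/*" does match.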
