Re: https and port numbers

2009-11-17 Thread Robert Denison
t has to listen on 443 to remove the port number from the URL. > This is not a tomcat issue, but rather the browser's expectation. > > -- David > > > On Nov 17, 2009, at 4:40 AM, Robert Denison wrote: > >> Hi, >> >> I've set up my tomcat se

https and port numbers

2009-11-17 Thread Robert Denison
Hi, I've set up my tomcat server to serve http requests on port 8080 and https on port 8443. My firewall forwards requests for 80 to 8080 and 8443 to 8443. It works fine but as it stands https requests have the form https://mydomain.com:8443. I would like to set it up so like most secure inte

Re: Secure login only, not rest of app

2009-11-11 Thread Robert Denison
ultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Robert, > > On 11/10/2009 7:48 AM, Robert Denison wrote: >> If the Valve acts before the filter then I would guess my idea can't >> work because the login will have already happened before I get chan

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
Thanks Peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for tomcat and static content can they? R. On 10 Nov 2009, at 13:14, Peter Crowther wrote: > 2009/11/10 Robert Denison: >> I assume that the standard way o

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
Just to pick up on the point below. If the Valve acts before the filter then I would guess my idea can't work because the login will have already happened before I get chance to redirect to https. Therefore meaning the login process will have happened unencrypted... R. On 10 Nov 2009, at 10:4

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
to do this kind of setup? It would be mildly annoying if I have to have all my main pages under some subdir (lengthening my URLs) just to differentiate, so I assume there is a better way? R. On 10 Nov 2009, at 10:42, Pid wrote: > On 10/11/2009 10:07, Robert Denison wrote: >

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
0:42, Pid wrote: > On 10/11/2009 10:07, Robert Denison wrote: >> Hi P, >> >> Thanks very much for your reasoned helpful response. >> >> I fancied securing only login because I only want logged in users to see the >> service and I want the login to be

Re: Secure login only, not rest of app

2009-11-10 Thread Robert Denison
http) goto https } And then rely on the security constraint only for requiring login and the Valve only for forwarding the request to the login page? R. On 9 Nov 2009, at 23:05, Pid wrote: > On 09/11/2009 22:33, Robert Denison wrote: >> Hi all, >> >> I am trying to have setu

Secure login only, not rest of app

2009-11-09 Thread Robert Denison
Hi all, I am trying to set up my tomcat webapp to be secure for login only. It works as you'd expect if the security-constraint for /* is unsecure and if I make it secure (using CONFIDENTIAL) for /*. However if I try to make it secure only for the login page and unsecure elsewhere any