-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 1/4/2010 6:45 PM, Joe Hansen wrote:
> I just forgot to enable the HTTPS Connector! Login form is working now
> over https.
>
> redirectPort="8443" />
>
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol
e: Help with security-constraint in web.xml
>>
>> However, when I enter the login credentials and submit the
>> form, nothing happens. Somehow changing the redirectPort
>> seems to have broken the login form.
>
> Turn on the AccessLogValve to see what's reaching Tomc
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Re: Help with security-constraint in web.xml
>
> However, when I enter the login credentials and submit the
> form, nothing happens. Somehow changing the redirectPort
> seems to have broken the login form.
Turn on
the login form.
I'm sure there must be a simple explanation. Chuck, please help me out!!
Thank you,
Joe
On Mon, Jan 4, 2010 at 3:25 PM, Caldarale, Charles R
wrote:
>> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
>> Subject: Re: Help with security-constraint in web.xml
&g
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Re: Help with security-constraint in web.xml
>
> Only a couple of pages need to be served on HTTPS on our website. All
> the remaining pages could be accessed using just HTTP.
Then I'd use what you've got and
Chuck,
>> No, I said you could handle the SSL encryption/decryption in httpd; the
>> redirection still has to occur by Tomcat recognizing a reference to a
>> confidential resource.
I did configure the SSL on the httpd end
(c:\Apache\conf\extra\httpd-ssl.conf) file.
>> As far as how to do so, y
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Re: Help with security-constraint in web.xml
>
> You were saying that I should handle the forced HTTPS redirection of
> certain pages on the httpd end, right?
No, I said you could handle the SSL encryption/decryptio
Thanks for the super quick reply, Chuck! Here's what I did. I changed
the redirectPort on the following two Connector elements. From 8443 to
443. And that did the trick.
/* Previously */
/* Currently */
You were saying that I should handle the forced HTTPS redirection of
certain pages on the
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Help with security-constraint in web.xml
>
> What do I need to do so that the user is directed to
> https://ourwebsite.com/spring_security_login instead
Fix the redirectPort attribute in your elements in conf/server.xml.
BTW, since
