Chris,

Thanks for responding.  I got that from the web.xml file itself;

> <!--
>    To set up security settings for your web app, create a file named
> web-security.xml, put it in your project's mergedir.
>    Organize web-security.xml following this DTD slice:
>    <!ELEMENT security-constraint (display-name?, web-resource-collection+,
> auth-constraint?, user-data-constraint?)>
>    <!ELEMENT web-resource-collection (web-resource-name, description?,
> url-pattern*, http-method*)>
>    <!ELEMENT web-resource-name (#PCDATA)>
>    <!ELEMENT url-pattern (#PCDATA)>
>    <!ELEMENT http-method (#PCDATA)>
>    <!ELEMENT user-data-constraint (description?, transport-guarantee)>
>    <!ELEMENT transport-guarantee (#PCDATA)>
>    <!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
>    <!ELEMENT auth-method (#PCDATA)>
>    <!ELEMENT realm-name (#PCDATA)>
>    <!ELEMENT form-login-config (form-login-page, form-error-page)>
>    <!ELEMENT form-login-page (#PCDATA)>
>    <!ELEMENT form-error-page (#PCDATA)>
>    -->


The only references I can find (including the archives of this list) are
copies of web.xml with those same instructions.  Creating a block that
adheres to that DTD and placing it in the bottom of web.xml (before the
last </web-app> tag) works as expected.

The web.xml file is dynamically generated and so I am left with having to
remember to update the tomcat7/webapps/<app>/WEB-INF/web.xml by hand *after* it
is finished deploying from the <app>.war file.  If I could place it in a
separate static web-security.xml file then it can be packaged in the .war
file and automatically applied whenever the application is deployed.

Thanks again for your help,

rik.

On Fri, Jul 19, 2019 at 2:44 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Richard,
>
> On 7/19/19 11:33, richard coleman wrote:
> > Hi all,
> >
> > Running tomcat 7.0.90, I am trying to add a security block to a
> > struts 1 application to redirect *most* urls to https.  It works
> > fine when I add it to the web.xml file in the
> > webapps/<application>/WEB-INF/web.xml file.
> >
> > That file states that I should be able to add it to a separate
> > web-security.xml file, but when I do so, tomcat *ignores* the
> > web-security.xml file.
> >
> > Is there something that's *not* mentioned that I am forgetting to
> > do to actually get this to work?
>
> I think you are asking the wrong mailing list. If you are using Struts
> for the redirection, then you want to ask the Struts folks why it's
> not working. You might want to provide an example of your
> configuration when doing so if you post over there.
>
> You might get crickets in response since you are asking about a
> product that was abandoned years ago. I feel your pain; I still use
> Struts 1.x myself. :(
>
> I've never heard of web-security.xml. Ever.
>
> What is it you are trying to configure in web-security.xml that works
> when you put it into web.xml? Why not just put it into web.xml if
> that's where it works?
>
> -chris

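Added example, not part of the original thread: one way to script the workaround described in the first message (placing the block before the last </web-app> tag), so that a static fragment is merged into the generated web.xml without hand-editing. The function names, marker comments and sample XML are constructed for illustration; the fragment follows the DTD slice quoted above.

```python
import re

# Constructed fragment following the DTD slice quoted in the thread.
SAMPLE_FRAGMENT = """\
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure-area</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
"""

# Constructed stand-in for a generated web.xml; the comment only mentions the setting.
SAMPLE_WEB_XML = """\
<web-app>
  <!-- hint: <transport-guarantee>CONFIDENTIAL</transport-guarantee> -->
  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
  </servlet>
</web-app>
"""

# Hypothetical marker comments so a repeated merge replaces the old block.
BEGIN = "<!-- BEGIN merged web-security.xml -->"
END = "<!-- END merged web-security.xml -->"

def merge_security(web_xml: str, fragment: str) -> str:
    """Insert fragment before the last </web-app>, replacing any earlier merge."""
    old = re.escape(BEGIN) + r".*?" + re.escape(END) + r"\n?"
    web_xml = re.sub(old, "", web_xml, flags=re.S)
    idx = web_xml.rfind("</web-app>")
    if idx == -1:
        raise ValueError("no closing </web-app> tag found")
    block = f"{BEGIN}\n{fragment.strip()}\n{END}\n"
    return web_xml[:idx] + block + web_xml[idx:]

def enforces_https(web_xml: str) -> bool:
    """True if a CONFIDENTIAL transport-guarantee exists outside XML comments."""
    live = re.sub(r"<!--.*?-->", "", web_xml, flags=re.S)
    pattern = r"<transport-guarantee>\s*CONFIDENTIAL\s*</transport-guarantee>"
    return re.search(pattern, live) is not None
```

Running `enforces_https` on the deployed file after each build catches the case the thread describes, where the constraint exists only in an ignored file or a comment and the application silently serves plain HTTP.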