Re: Tomcat ssl/https: error 302 when accessing servlet with https

Fri, 16 Feb 2007 14:09:02 -0800

Thanks Chuck. This was working before I replaced my ssl certificate. As for <auth-constraint>, users never had to authenticate before accessing the servlet(s). If I add a role name in tomcat-users so this is accessible to anyone, do I simply make a new role, say myuser, and set <user username="myuser" roles="myuser">, then set the auth-constraint role-name to myuser? 

Again, much thanks.

Greg.
Caldarale, Charles R wrote:
From: Greg Brownell [mailto:[EMAIL PROTECTED] Subject: Tomcat ssl/https: error 302 when accessing servlet with https 

web.xml has the following entries:
   <!-- Security roles referenced by this web application -->
   <security-role>
     <role-name>role1</role-name>
   </security-role>
   <security-role>
     <role-name>tomcat</role-name>
   </security-role>
<security-constraint>
     <web-resource-collection>
       <web-resource-name>secure pages</web-resource-name>
       <url-pattern>/fileview</url-pattern>
     </web-resource-collection>
     <web-resource-collection>
       <web-resource-name>secure pages</web-resource-name>
       <url-pattern>/vconfirm_n</url-pattern>
     </web-resource-collection>
     <web-resource-collection>
       <web-resource-name>secure pages</web-resource-name>
       <url-pattern>/vconfirm</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>


Where's your <auth-constraint>?  Note the following from the spec:
"If no roles are defined [within an auth-constraint], no user is allowed
access to the portion of the web application described by the containing
security-constraint."

Also, the list of roles may have to come after the
<security-constraint>, depending on how picky the DTD is.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to