Not sure wether this could help:
<security-constraint>
<web-resource-collection>
<web-resource-name>all-except-attachments</web-resource-name>
<url-pattern>*.js</url-pattern>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspa</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>/browse/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I needed those to configure JIRA to do everything via SSL
->
http://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS
So maybe you miss the *?
René
On Fri, 6 Jul 2007 03:40:50 -0700 (PDT)
christianhau <[EMAIL PROTECTED]> wrote:
Thanks man!
I have tried a similar approach with the web.xml but no
luck. This is what I
wrote in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire
Application</web-resource-name>
<url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Now I am not 100% sure if the pattern is correct, how
would I check that?
And another thing, you mentioned a suitable servlet
filter? How would you go
about making a servlet filter for this purpose and where
would you put it?
As you can tell from my question I have little
experience with servlet
filters..
Thanks again :)
Lyallex wrote:
Hi
This is my first contribution to this list and I expect
others will have
better ways of doing it but ...
The way I managed to get his working is to set the ssl
connector port to
the
default ssl port (443)
and my non-ssl connector port to the default http port
(80)
Obviously there are issues starting Tomcat on these
ports on *NIX systems
but judging by the following
entry in your ssl connector
(keystoreFile="/root/.keystore") you appear to
have access to root.
That should do it
Also in my etc/hosts file I have set 127.0.0.1
www.mywebapp.co.uk and my
app is the root web app
so now, combined with the following in web.xml
<security-constraint>
...
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
...
</security-constraint>
and a suitable servlet filter I can switch between http
and https almost
at
will with no messing about with ports just by asking for
http://www.mywebapp.co.uk
Hope this helps
Cheers
Duncan
On 7/6/07, christianhau <[EMAIL PROTECTED]> wrote:
Hi!
I have set up a tomcat server with ssl that works fine
as long as I go to
the adress https://adress:8443 I want to get rid of the
port number, is
there any easy way to do this so that tomcat understands
the https
request
that comes in?
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" keystorePass="changeit"
sslProtocol="TLS"
keystoreFile="/root/.keystore"
truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
/>
This is my ssl connector in my server.xml. I tried
getting a redirct from
http to https going but couldn't do that in tomcat
alone, any tips on
that
aswell? I have done this:
<Connector port="8080" protocol="HTTP/1.1"
redirectPort="8443" />
With no luck... Thanks for any help!!
--
View this message in context:
http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
Sent from the Tomcat - User mailing list archive at
Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
Sent from the Tomcat - User mailing list archive at
Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
