Thanks man :)

About the filters, where do you implement them? I see they are in Java but
still don't know where to put them :) And where do you put the filter
mapping?

Thanks!



Lyallex wrote:
> 
> Hi
> 
> Ah, yes, well I'm not really an 'expert' myself but I have been through
> this recently.
> 
> The first thing I would say is that the following looks different to my
> own config
> 
> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> 
> here is one of my constraints
> 
> <security-constraint>
>     <display-name>Standard user constraint used for checkout and account modification</display-name>
>     <web-resource-collection>
>       <web-resource-name>my super new site</web-resource-name>
>       <url-pattern>/user/LoginPreCheck</url-pattern>
>       <url-pattern>/user/loggedin/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>wpcustomer</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
> 
> the url-pattern should be a relative path from the root of your application
> or some mapped path to a resource (experts correct me if I am wrong please).
> If you want everything protected then just use * (or /* I think actually).
> 
> Now when a user tries this URL
> http://www.mywebapp.co.uk/user/loggedin/editAccount.jsp Tomcat
> automatically 'redirects' to https.
> 
> As for the filter, well I'm a bit new to them as well. At the moment I have
> decided that as long as a user is logged in then I'd like the session to be
> secure. When they hit the logout button then I don't need secure I just need
> straight http.
> 
> Here is my filter
> 
> public class HttpsRedirectFilter implements Filter{
> 
>  ...
> 
>     public void doFilter(ServletRequest request, ServletResponse response,
>             FilterChain chain) throws IOException, ServletException {
>         if((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)){
>             // Same URL as requested, with the scheme switched from https to http
>             String redirectTarget = ((HttpServletRequest)request).getRequestURL().toString().replaceFirst("https", "http");
>             if(request.isSecure()){
>                 // Request arrived over https: send the browser to the http URL
>                 ((HttpServletResponse)response).sendRedirect(redirectTarget);
>             }
>             else{
>                 chain.doFilter(request, response);
>             }
>         }
>         else{
>             // Not an HTTP request: pass it on untouched instead of dropping it
>             chain.doFilter(request, response);
>         }
>     }
> 
>    ...
> 
> Very basic and primitive I'm sure but it does the job
> 
> The filter is mapped to the /logout url thus
> 
>   <filter>
>       <filter-name>redirectFilter</filter-name>
>       <filter-class>com.foo.bar.baz.HttpsRedirectFilter</filter-class>
>   </filter>
>   <filter-mapping>
>     <filter-name>redirectFilter</filter-name>
>     <url-pattern>/logout</url-pattern>
>   </filter-mapping>
> 
> Anytime anyone logs out this filter fires and redirects to 'standard' http.
> 
> Now of course the filter could be a lot more sophisticated but it proved the
> concept to me, now all I need is that little bit of 'majik'
> 
> Hope all this helps.
> 
> All criticism welcome
> 
> Cheers
> Duncan
> 
> 
> On 7/6/07, christianhau <[EMAIL PROTECTED]> wrote:
>>
>>
>> Thanks man!
>>
>> I have tried a similar approach with the web.xml but no luck. This is what
>> I wrote in web.xml
>> <security-constraint>
>>                 <web-resource-collection>
>>                         <web-resource-name>Entire Application</web-resource-name>
>>                         <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
>>                 </web-resource-collection>
>>                 <user-data-constraint>
>>                         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>                 </user-data-constraint>
>>         </security-constraint>
>>
>> Now I am not 100% sure if the pattern is correct, how would I check that?
>> And another thing, you mentioned a suitable servlet filter? How would you go
>> about making a servlet filter for this purpose and where would you put it?
>> As you can tell from my question I have little experience with servlet
>> filters..
>>
>> Thanks again :)
>>
>>
>>
>>
>> Lyallex wrote:
>> >
>> > Hi
>> >
>> > This is my first contribution to this list and I expect others will have
>> > better ways of doing it but ...
>> >
>> > The way I managed to get this working is to set the ssl connector port to
>> > the default ssl port (443)
>> > and my non-ssl connector port to the default http port (80)
>> > Obviously there are issues starting Tomcat on these ports on *NIX systems
>> > but judging by the following
>> > entry in your ssl connector (keystoreFile="/root/.keystore") you appear to
>> > have access to root.
>> >
>> > That should do it
>> >
>> > Also in my etc/hosts file I have set 127.0.0.1   www.mywebapp.co.uk and my
>> > app is the root web app
>> >
>> > so now, combined with the following in web.xml
>> >
>> > <security-constraint>
>> > ...
>> >      <user-data-constraint>
>> >         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> >     </user-data-constraint>
>> > ...
>> > </security-constraint>
>> >
>> > and a suitable servlet filter I can switch between http and https almost
>> > at will with no messing about with ports just by asking for
>> > http://www.mywebapp.co.uk
>> >
>> > Hope this helps
>> >
>> > Cheers
>> > Duncan
>> >
>> >
>> > On 7/6/07, christianhau <[EMAIL PROTECTED]> wrote:
>> >>
>> >>
>> >> Hi!
>> >>
>> >> I have set up a tomcat server with ssl that works fine as long as I go to
>> >> the address https://adress:8443. I want to get rid of the port number, is
>> >> there any easy way to do this so that tomcat understands the https request
>> >> that comes in?
>> >>
>> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> >> maxThreads="150" scheme="https" secure="true"
>> >> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
>> >> keystoreFile="/root/.keystore"
>> >> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts" />
>> >>
>> >> This is my ssl connector in my server.xml. I tried getting a redirect from
>> >> http to https going but couldn't do that in tomcat alone, any tips on that
>> >> as well? I have done this:
>> >>
>> >> <Connector port="8080" protocol="HTTP/1.1"
>> >>
>> >> redirectPort="8443" />
>> >>
>> >> With no luck... Thanks for any help!!
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
>> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To start a new topic, e-mail: users@tomcat.apache.org
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>>
>>
>>
> 
> 

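On the question raised in this thread of how to check whether a `<url-pattern>` is correct, here is an added example (not part of the original messages and not Tomcat's own code): a stand-alone matcher for the Servlet specification's pattern forms, run over the patterns quoted above. The class name, method name and sample request paths are constructed for illustration; paths are assumed to be relative to the web application's context root.

```java
import java.util.List;

// Added illustration (not Tomcat's code): which request paths a web.xml
// <url-pattern> covers under the Servlet specification's matching rules.
public class UrlPatternCheck {

    // path is relative to the context root and excludes the query string
    static boolean matches(String pattern, String path) {
        if (pattern.equals("/")) {
            return true;                       // default pattern: the catch-all
        }
        if (pattern.endsWith("/*")) {          // path-prefix form, e.g. /user/loggedin/*
            String base = pattern.substring(0, pattern.length() - 2);
            return path.equals(base) || path.startsWith(base + "/");
        }
        if (pattern.startsWith("*.")) {        // extension form, e.g. *.jsp
            int slash = path.lastIndexOf('/');
            int dot = path.lastIndexOf('.');
            return dot > slash && path.substring(dot).equals(pattern.substring(1));
        }
        return pattern.equals(path);           // anything else: exact match only
    }

    public static void main(String[] args) {
        // Patterns quoted in the thread, plus the bare "*" and "/*" it mentions
        List<String> patterns = List.of(
            "/cas/WEB-INF/view/jsp/simple/ui",
            "/user/LoginPreCheck",
            "/user/loggedin/*",
            "*",
            "/*");
        // Constructed sample request paths (assumptions, for illustration only)
        List<String> paths = List.of(
            "/cas/WEB-INF/view/jsp/simple/ui",
            "/cas/WEB-INF/view/jsp/simple/ui/login.jsp",
            "/user/loggedin/editAccount.jsp",
            "/user/LoginPreCheck",
            "/logout");
        for (String pattern : patterns) {
            for (String path : paths) {
                System.out.printf("%-34s %-44s %s%n", pattern, path,
                    matches(pattern, path) ? "covered" : "not covered");
            }
        }
    }
}
```

Only the `/*` and `*.ext` forms act as wildcards here, so a pattern without them covers exactly one path and a bare `*` covers none of the sample paths.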