> From: Pierre Goupil [mailto:[EMAIL PROTECTED] > Subject: secured authentication / connection > > Can anyone point me to a relevant tutorial ?
Besides configuring SSL as Mark T pointed out, you need to read section 12 of the servlet spec: http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html Section 12.5.3 is specifically for form-based authentication. To force SSL for everything, use a <transport-guarantee> of CONFIDENTIAL in conjunction with a <url-pattern> of /* in your app's WEB-INF/web.xml file. For example: <security-constraint> <web-resource-collection> <web-resource-name>Protect Everything</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>RequiredRoleHere</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
