I would appreciate it if you could give me a suggestion on how to force clients to
access the servlet through SSL for TOMCAT 5.2.25 and JDK 1.5.0_12. (TOMCAT
is set up for SSL with APR 1.9 and I can access it via HTTPS.)

I was thinking that I could accomplish that with the following:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>view dept data</web-resource-name>
        <url-pattern>/cobra_source/servlet/servlet/com.cobrasource.servlets.InitiatorServlet</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

However, it doesn't make any difference and I can access this servlet via
HTTP.

Could it be that I do not have a user role? But I have a different method
for authentication that is conducted outside of TOMCAT.

Am I missing something, or is there something else that I can do?



Thanks for your help
