I think you could configure your server so that the 80 port is not available, only the 443 one. Programaticaly, you can invoke the request.isSecure() method to check whether your request uses https.
-----Mensagem original----- De: alla winter [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 23 de outubro de 2007 17:02 Para: users@tomcat.apache.org Assunto: Fwd: How can I ensure that client access servlets via HTTPS? I would appreciate if you answer the question bellow thanks ---------- Forwarded message ---------- From: alla winter <[EMAIL PROTECTED]> Date: Oct 22, 2007 2:48 PM Subject: How can I ensure that client access servlets via HTTPS? To: users@tomcat.apache.org I would appreciate if you give me a suggestion how to enforce clients to access servlet through SSL for TOMCAT 5.2.25 and JDK 1.5.0_12. ( The TOMCAT is set up for SSL with APR 1.9 and I can access it via HTTPS) I was thinking that I can accomplish that with the following: <security-constraint> <web-resource-collection> <web-resource-name>view dept data</web-resource-name> <url-pattern>/cobra_source/servlet/servlet/com.cobrasource.servlets.InitiatorServlet</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> However, it doesn't make any difference and I can access this servlet via HTTP . Could that be that I do not have user role? But I have a different method for authentication that is conducted outside of TOMCAT. Am I missing something or there is something else that I can do ? Thanks for your help --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
