Diego Armando Gusava wrote:
> i dont know how to request j_security_check on https!
>
> i attemped http://wiki.apache.org/tomcat/SSLWithFORMFallback but didnt work
I think the above attempts to find an SSL cert, but falls back to FORM
auth. Which isn't perhaps what you want?
> <login-config>
> <!--<auth-method>FORM</auth-method>-->
> <form-login-config>
> <form-login-page>/login.do</form-login-page>
> <form-error-page>/login/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config>
Set <transport-guarantee>CONFIDENTIAL</transport-guarantee> in the
security constraint section, as below. Ensure that you have an SSL
enabled connector and that the redirect port on the normal connector
matches the SSL port.
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/mySecurePath/</url-pattern>
<http-method>GET</http-method>
...
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>rolename</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
p
> tomcat redirect to Http!
>
> cheers
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
