Hi,
I'm trying to get https:// working on an application running on Tomcat
5.5.23 on Windows Server 2003. When I ran the application on port 8080,
it logged me in fine using our login filters, however when I moved to
https://, the application returns 403 without any messages being written
to stdout or logging messages that I've put in the filters to try and
debug them if needs be.
I've set up the connector in server.xml like:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="500" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" proxyPort="443"
proxyName="localhost"
keystoreFile="/file/path"/>
I've set <security-constraints> in the web.xml file like so:
<security-constraint>
<web-resource-collection>
<web-resource-name>Application</web-resource-name>
<description>Application user</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<description>no description</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I've defined the roles as well for this application but still no joy.
Like the Yale CAS filter project, my filters read roles from the
application's web.xml file. Would https:// prevent this?
Thanks in advance for any pointers and advice.
Iain
--
Scanned by iCritical.
