Posted to users@tomcat.apache.org by SPIELMANN Christophe <cs...@europarl.eu.int> on 2004/07/08 16:02:06 UTC
Tomcat 5 with HTTPS to protect a subset of a webapp : pb url-pattern + security constraint
Hello there,
I use the classic Tomcat 5.0.18 without any modifications.
I would like to protect a subset of my webapp. To do so, I did the following:
- I configured my Tomcat to accept SSL
- I added a security-constraint in web.xml
I am facing the following problems:
1. The url-pattern /frwk/module/admin* does not work: I don't switch to HTTPS. With a simpler pattern it works fine.
2. In my browser, IE 5.50 :-( , I get some links like https://localhost:8080/framework... and I then get errors with those links. I truly don't understand the logic, because when I look at the properties of the page I see https://localhost:8433/framework. And my address bar is also https://localhost:8433/... (due to a redirect?)
3. I was expecting Tomcat to switch from http to https and then from http to https when a page is outside the security pattern. It does not seem to be the case. It would have been too simple, I imagine.
If anyone has ever done such a thing, I would appreciate your hints.
Here are my configs:
in web.xml :
<!-- Define a security constraint on this application -->
<security-constraint>
  <display-name>Embedded Admin Module Security</display-name>
  <!-- Define the context-relative URL(s) to be protected -->
  <web-resource-collection>
    <web-resource-name>Admin module through actions</web-resource-name>
    <url-pattern>/frwk/module/admin*</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Admin module through Language Bar with tile as the forward</web-resource-name>
    <url-pattern>/i18n/processLocalization.do\?forward=frwk\.admin*</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Admin module through Language Bar with an action as the forward</web-resource-name>
    <url-pattern>/i18n/processLocalization.do\?forward=/frwk/module/admin*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>framework</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>lets use https</description>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<!-- Define the login configuration for this application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Framework Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>
    The role that is required to log in to the Administration Application
  </description>
  <role-name>framework</role-name>
</security-role>
In server.xml:
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
           port="8080" redirectPort="8443" allowTrace="true">
</Connector>
<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystorePass="tomcat"
           keystoreFile="c:/DGPE/jakarta-tomcat-5.0.18/certificates/keystore" >
</Connector>
Txs,
Christophe Spielmann
cspielmann@europarl.eu.int
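
An added example, not part of the original message and not Tomcat's own code: a simplified Java model of the Servlet specification's url-pattern rules, applied to the three patterns from the web.xml above. The request paths and the two alternative patterns are constructed for illustration and assume the admin pages live under /frwk/module/admin/.

```java
public class UrlPatternCheck {
    // Simplified model of the Servlet specification's mapping rules:
    // "/x/*" is a path prefix, "*.ext" an extension, "/" the default,
    // and every other string is an exact match. "*" is not a wildcard elsewhere.
    static String kind(String pattern) {
        if (pattern.equals("/")) return "default";
        if (pattern.startsWith("/") && pattern.endsWith("/*")) return "prefix";
        if (pattern.startsWith("*.")) return "extension";
        return "exact";
    }

    // requestPath is the context-relative path; the query string is not part of it.
    static boolean matches(String pattern, String requestPath) {
        switch (kind(pattern)) {
            case "default":
                return true;
            case "prefix": {
                String prefix = pattern.substring(0, pattern.length() - 2);
                return requestPath.equals(prefix) || requestPath.startsWith(prefix + "/");
            }
            case "extension": {
                int dot = requestPath.lastIndexOf('.');
                return dot > requestPath.lastIndexOf('/')
                        && requestPath.substring(dot).equals(pattern.substring(1));
            }
            default:
                return requestPath.equals(pattern);
        }
    }

    public static void main(String[] args) {
        String[] patterns = {
            "/frwk/module/admin*",                                        // from the page
            "/i18n/processLocalization.do\\?forward=frwk\\.admin*",       // from the page
            "/i18n/processLocalization.do\\?forward=/frwk/module/admin*", // from the page
            "/frwk/module/admin/*",                                       // assumed alternative
            "/i18n/processLocalization.do"                                // assumed alternative
        };
        String[] paths = {                                                // constructed
            "/frwk/module/admin/users.do",
            "/i18n/processLocalization.do"
        };
        for (String p : patterns)
            for (String path : paths)
                System.out.printf("%-8s %-58s %-30s %s%n",
                        kind(p), p, path, matches(p, path) ? "PROTECTED" : "not matched");
    }
}
```

A pattern classified as exact covers only a request whose path is literally that string, so neither the auth-constraint nor the CONFIDENTIAL transport guarantee is applied to the real admin URLs. Because the query string is never part of the matched path, a constraint cannot be keyed on the forward= parameter and has to cover the whole /i18n/processLocalization.do action instead.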