You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Adam Hardy <ah...@cyberspaceroad.com> on 2003/10/13 15:24:04 UTC

manager.xml: cannot configure SSL for form-based authentication

Sorry if this comes through twice. I think it got eaten by my email 
software the first time.

I have tried putting the following in
$CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config 
is ignored:

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>SSL 4 Login</web-resource-name>
       <url-pattern>/ssllogin.html</url-pattern>
       <url-pattern>/sslerror.html</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <description>SSL required</description>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
   </security-constraint>

   <login-config>
     <auth-method>FORM</auth-method>
     <realm-name>BlackSailRealm</realm-name>
     <form-login-config>
       <form-login-page>/ssllogin.html</form-login-page>
       <form-error-page>/sslerror.html</form-error-page>
     </form-login-config>
   </login-config>

I have the login & error pages in $CATALINA_HOME/server/webapps/manager/

Basically it always stays in non-SSL protocol.

I posted this in bugzilla, being confident that tomcat was not doing 
what it was supposed to, but apparently it is. I got the following 
solution via bugzilla, but I don't understand it! How is this telling me 
I should configure SSL for the manager login?

Thanks

On 10/13/2003 02:19 PM bugzilla@apache.org wrote:
[...]
 > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
 >
 > cannot configure SSL for form-based authentication >
[...]
 >
 >
 > ------- Additional Comments From remm@apache.org  2003-10-13 12:19 
-------
 > FORM can be implemented as an internal redirection, like welcome 
files. As a
 > result, it is not subject to constraints. Please do not reopen the 
report.
 >

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: manager.xml: cannot configure SSL for form-based authentication

Posted by Adam Hardy <ah...@cyberspaceroad.com>.

On 10/14/2003 08:41 AM Bill Barker wrote:
> "Adam Hardy" <ah...@cyberspaceroad.com> wrote in message
> news:3F8AA774.7070106@cyberspaceroad.com...
>>
>>Basically it always stays in non-SSL protocol.
>>
>>I posted this in bugzilla, being confident that tomcat was not doing
>>what it was supposed to, but apparently it is. I got the following
>>solution via bugzilla, but I don't understand it! How is this telling me
>>I should configure SSL for the manager login?
>>
> 
> 
> Pretty simple really:
>   <a href="https://my.host.com/manager">Manager</a>
> And, I agree with Remy's comments in BZ.  Unless there is a last-minute
> change in the Servlet 2.4 spec, Tomcat is working as expected.  Of course
> the place to complain is: servletapi-feedback@eng.sun.com

Hi Bill,

thanks for answering. Pretty simple indeed. I have no complaints over 
the interpretation of the servlet spec.

I do feel that it is inefficient that I should have to find out about 
this change in this way - i.e. looking at my app not working as I expect 
it to (as it did in the past), thinking I've configured it wrong, 
checking all my configuration, mailing the user list, entering an issue 
into bugzilla etc.

This issue in the servlet spec does not stand out as something new, 
there are no notes on this on the tomcat website, there is nothing in 
the Release Notes.

I know what you're going to say: this is open-source, we all do what we 
can, perhaps I should monitor the tomcat dev list and write a recap 
every month for the user list etc. - touchee I guess.

Thanks anyway,
Adam

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: manager.xml: cannot configure SSL for form-based authentication

Posted by Bill Barker <wb...@wilshire.com>.

"Adam Hardy" <ah...@cyberspaceroad.com> wrote in message
news:3F8AA774.7070106@cyberspaceroad.com...
> Sorry if this comes through twice. I think it got eaten by my email
> software the first time.
>
> I have tried putting the following in
> $CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config
> is ignored:
>
>    <security-constraint>
>      <web-resource-collection>
>        <web-resource-name>SSL 4 Login</web-resource-name>
>        <url-pattern>/ssllogin.html</url-pattern>
>        <url-pattern>/sslerror.html</url-pattern>
>      </web-resource-collection>
>      <user-data-constraint>
>        <description>SSL required</description>
>        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>      </user-data-constraint>
>    </security-constraint>
>
>    <login-config>
>      <auth-method>FORM</auth-method>
>      <realm-name>BlackSailRealm</realm-name>
>      <form-login-config>
>        <form-login-page>/ssllogin.html</form-login-page>
>        <form-error-page>/sslerror.html</form-error-page>
>      </form-login-config>
>    </login-config>
>
> I have the login & error pages in $CATALINA_HOME/server/webapps/manager/
>
> Basically it always stays in non-SSL protocol.
>
> I posted this in bugzilla, being confident that tomcat was not doing
> what it was supposed to, but apparently it is. I got the following
> solution via bugzilla, but I don't understand it! How is this telling me
> I should configure SSL for the manager login?
>

Pretty simple really:
  <a href="https://my.host.com/manager">Manager</a>
And, I agree with Remy's comments in BZ.  Unless there is a last-minute
change in the Servlet 2.4 spec, Tomcat is working as expected.  Of course
the place to complain is: servletapi-feedback@eng.sun.com

> Thanks
>
> On 10/13/2003 02:19 PM bugzilla@apache.org wrote:
> [...]
>  > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
>  >
>  > cannot configure SSL for form-based authentication >
> [...]
>  >
>  >
>  > ------- Additional Comments From remm@apache.org  2003-10-13 12:19
> -------
>  > FORM can be implemented as an internal redirection, like welcome
> files. As a
>  > result, it is not subject to constraints. Please do not reopen the
> report.
>  >
>
> -- 
> struts 1.1 + tomcat 5.0.12 + java 1.4.2
> Linux 2.4.20 RH9




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org