You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Adam Hardy <ah...@cyberspaceroad.com> on 2003/10/13 15:24:04 UTC
manager.xml: cannot configure SSL for form-based authentication
Sorry if this comes through twice. I think it got eaten by my email
software the first time.
I have tried putting the following in
$CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config
is ignored:
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL 4 Login</web-resource-name>
<url-pattern>/ssllogin.html</url-pattern>
<url-pattern>/sslerror.html</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>SSL required</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>BlackSailRealm</realm-name>
<form-login-config>
<form-login-page>/ssllogin.html</form-login-page>
<form-error-page>/sslerror.html</form-error-page>
</form-login-config>
</login-config>
I have the login & error pages in $CATALINA_HOME/server/webapps/manager/
Basically it always stays in non-SSL protocol.
I posted this in bugzilla, being confident that tomcat was not doing
what it was supposed to, but apparently it is. I got the following
solution via bugzilla, but I don't understand it! How is this telling me
I should configure SSL for the manager login?
Thanks
On 10/13/2003 02:19 PM bugzilla@apache.org wrote:
[...]
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
>
> cannot configure SSL for form-based authentication >
[...]
>
>
> ------- Additional Comments From remm@apache.org 2003-10-13 12:19
-------
> FORM can be implemented as an internal redirection, like welcome
files. As a
> result, it is not subject to constraints. Please do not reopen the
report.
>
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: manager.xml: cannot configure SSL for form-based authentication
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
On 10/14/2003 08:41 AM Bill Barker wrote:
> "Adam Hardy" <ah...@cyberspaceroad.com> wrote in message
> news:3F8AA774.7070106@cyberspaceroad.com...
>>
>>Basically it always stays in non-SSL protocol.
>>
>>I posted this in bugzilla, being confident that tomcat was not doing
>>what it was supposed to, but apparently it is. I got the following
>>solution via bugzilla, but I don't understand it! How is this telling me
>>I should configure SSL for the manager login?
>>
>
>
> Pretty simple really:
> <a href="https://my.host.com/manager">Manager</a>
> And, I agree with Remy's comments in BZ. Unless there is a last-minute
> change in the Servlet 2.4 spec, Tomcat is working as expected. Of course
> the place to complain is: servletapi-feedback@eng.sun.com
Hi Bill,
thanks for answering. Pretty simple indeed. I have no complaints over
the interpretation of the servlet spec.
I do feel that it is inefficient that I should have to find out about
this change in this way - i.e. looking at my app not working as I expect
it to (as it did in the past), thinking I've configured it wrong,
checking all my configuration, mailing the user list, entering an issue
into bugzilla etc.
This issue in the servlet spec does not stand out as something new,
there are no notes on this on the tomcat website, there is nothing in
the Release Notes.
I know what you're going to say: this is open-source, we all do what we
can, perhaps I should monitor the tomcat dev list and write a recap
every month for the user list etc. - touchee I guess.
Thanks anyway,
Adam
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: manager.xml: cannot configure SSL for form-based authentication
Posted by Bill Barker <wb...@wilshire.com>.
"Adam Hardy" <ah...@cyberspaceroad.com> wrote in message
news:3F8AA774.7070106@cyberspaceroad.com...
> Sorry if this comes through twice. I think it got eaten by my email
> software the first time.
>
> I have tried putting the following in
> $CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config
> is ignored:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>SSL 4 Login</web-resource-name>
> <url-pattern>/ssllogin.html</url-pattern>
> <url-pattern>/sslerror.html</url-pattern>
> </web-resource-collection>
> <user-data-constraint>
> <description>SSL required</description>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>BlackSailRealm</realm-name>
> <form-login-config>
> <form-login-page>/ssllogin.html</form-login-page>
> <form-error-page>/sslerror.html</form-error-page>
> </form-login-config>
> </login-config>
>
> I have the login & error pages in $CATALINA_HOME/server/webapps/manager/
>
> Basically it always stays in non-SSL protocol.
>
> I posted this in bugzilla, being confident that tomcat was not doing
> what it was supposed to, but apparently it is. I got the following
> solution via bugzilla, but I don't understand it! How is this telling me
> I should configure SSL for the manager login?
>
Pretty simple really:
<a href="https://my.host.com/manager">Manager</a>
And, I agree with Remy's comments in BZ. Unless there is a last-minute
change in the Servlet 2.4 spec, Tomcat is working as expected. Of course
the place to complain is: servletapi-feedback@eng.sun.com
> Thanks
>
> On 10/13/2003 02:19 PM bugzilla@apache.org wrote:
> [...]
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
> >
> > cannot configure SSL for form-based authentication >
> [...]
> >
> >
> > ------- Additional Comments From remm@apache.org 2003-10-13 12:19
> -------
> > FORM can be implemented as an internal redirection, like welcome
> files. As a
> > result, it is not subject to constraints. Please do not reopen the
> report.
> >
>
> --
> struts 1.1 + tomcat 5.0.12 + java 1.4.2
> Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org