Posted to users@tomcat.apache.org by alla winter <al...@gmail.com> on 2007/10/22 21:48:52 UTC
How can I ensure that client access servlets via HTTPS?
I would appreciate it if you could give me a suggestion on how to force clients to
access a servlet through SSL for TOMCAT 5.2.25 and JDK 1.5.0_12. (TOMCAT is
set up for SSL with APR 1.9 and I can access it via HTTPS.)
I was thinking that I could accomplish that with the following:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>view dept data</web-resource-name>
    <url-pattern>/cobra_source/servlet/servlet/com.cobrasource.servlets.InitiatorServlet</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
However, it doesn't make any difference and I can access this servlet via
HTTP.
Could it be that I do not have a user role? But I have a different method
for authentication that is conducted outside of TOMCAT.
Am I missing something, or is there something else that I can do?
Thanks for your help
Fwd: How can I ensure that client access servlets via HTTPS?
Posted by alla winter <al...@gmail.com>.
I would appreciate it if you would answer the question below
thanks
---------- Forwarded message ----------
From: alla winter <al...@gmail.com>
Date: Oct 22, 2007 2:48 PM
Subject: How can I ensure that client access servlets via HTTPS?
To: users@tomcat.apache.org
I would appreciate it if you could give me a suggestion on how to force clients to
access a servlet through SSL for TOMCAT 5.2.25 and JDK 1.5.0_12. (TOMCAT is
set up for SSL with APR 1.9 and I can access it via HTTPS.)
I was thinking that I could accomplish that with the following:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>view dept data</web-resource-name>
    <url-pattern>/cobra_source/servlet/servlet/com.cobrasource.servlets.InitiatorServlet</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
However, it doesn't make any difference and I can access this servlet via
HTTP.
Could it be that I do not have a user role? But I have a different method
for authentication that is conducted outside of TOMCAT.
Am I missing something, or is there something else that I can do?
Thanks for your help
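
Added example (not part of the original posts, and not Tomcat's own code): a simplified Python model of how the Servlet specification matches a security-constraint's url-pattern and http-method against a request, applied to the constraint posted above. The function names and the context paths passed in are assumptions, since the post does not say how the application is deployed; url-patterns are matched against the path after the context path, and a constraint that lists http-methods covers only those methods.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the post inside a minimal web.xml.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>view dept data</web-resource-name>
    <url-pattern>/cobra_source/servlet/servlet/com.cobrasource.servlets.InitiatorServlet</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def match_rank(pattern, path):
    """Rank a servlet-spec url-pattern match (higher wins); None if no match."""
    if pattern == path:
        return (3, len(pattern))                      # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        hit = path == prefix or path.startswith(prefix + "/")
        return (2, len(prefix)) if hit else None      # longest path prefix
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)                                 # extension match
    return (0, 0) if pattern == "/" else None         # default mapping

def local(tag):
    return tag.rsplit("}", 1)[-1]                     # drop an XML namespace

def requires_tls(web_xml, context_path, request_uri, method):
    """True if the best-matching constraint demands TLS for this request."""
    if not request_uri.startswith(context_path):
        return False
    path = request_uri[len(context_path):] or "/"     # patterns are context-relative
    hits = []                                         # (rank, methods, demands_tls)
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        vals = lambda n, sc=sc: [(e.text or "").strip() for e in sc.iter() if local(e.tag) == n]
        tls = any(g in ("CONFIDENTIAL", "INTEGRAL") for g in vals("transport-guarantee"))
        hits += [(r, vals("http-method"), tls) for p in vals("url-pattern")
                 if (r := match_rank(p, path)) is not None]
    if not hits:
        return False
    best = max(h[0] for h in hits)
    applicable = [h for h in hits if h[0] == best and (not h[1] or method in h[1])]
    return bool(applicable) and all(h[2] for h in applicable)
```

Calling `requires_tls` with the servlet's full request URI and an empty context path (application deployed as ROOT) reports the constraint as applying to GET and POST but not HEAD; with an assumed context path of `/cobra_source` the same pattern matches nothing.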