You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Knight, Digby" <Di...@hen.invesco.com> on 2004/06/09 10:31:25 UTC

redirectport not redirecting (again!)

Hi all,

I know this has been discussed a thousand times, but I've just tried to set
up Https redirection on Tomcat 5.0.19 or 24, and no matter what I do or what
instructions I follow, it won't work. Below are snips from my server.xml and
applications web.xml - are they okay, or do I need to do anything else? I've
tried having BASIC, FORM, NONE and no authentication, with and without roles
and loads of other permutations.

So below, I hit /index.jsp okay, and then hitting /pp/index.jsp just takes
me stright there - no redirect to https.

Https is working if I go there - there are no problems with the certificate.

Many thanks

Digby

server.xml
...
    <Connector acceptCount="100" connectionTimeout="20000" debug="0" 
disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" 
maxThreads="150" minSpareThreads="25" port="80" redirectPort="443" 
scheme="http" secure="false"/>
    
    <Connector acceptCount="100" disableUploadTimeout="true" 
enableLookups="false" keystoreFile="****" 
keystorePass="****" maxProcessors="75" port="443" redirectPort="80" 
scheme="https" secure="true" sslProtocol="TLS">
      <Factory 
className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" 
clientAuth="true" keystoreFile="****" 
keystorePass="****"/>
    </Connector>
...
web.xml
...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure Areas</web-resource-name>
      <url-pattern>/pp/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>reg_user</role-name>
    </auth-constraint>
    <user-date-contraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-date-contraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Inecure Areas</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-date-contraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-date-contraint>
  </security-constraint>
 
  <!--login-config>
    <realm-name>Secure Areas</realm-name>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config-->
 
  <security-role>
    <role-name>reg_user</role-name>
  </security-role>
...


-----------------------------------------
*****************************************************************
Confidentiality Note: The information contained in this 
message, and any attachments, may contain confidential 
and/or privileged material. It is intended solely for the 
person(s) or entity to which it is addressed. Any review, 
retransmission, dissemination, or taking of any action in 
reliance upon this information by persons or entities other 
than the intended recipient(s) is prohibited. If you received
this in error, please contact the sender and delete the 
material from any computer.
*****************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: redirectport not redirecting (again!)

Posted by Digby <li...@digby.net>.

Aha! I had <user-dat*e*-constraint/>!! Doh.

Knight, Digby wrote:

> Hi all,
> 
> I know this has been discussed a thousand times, but I've just tried to set
> up Https redirection on Tomcat 5.0.19 or 24, and no matter what I do or what
> instructions I follow, it won't work. Below are snips from my server.xml and
> applications web.xml - are they okay, or do I need to do anything else? I've
> tried having BASIC, FORM, NONE and no authentication, with and without roles
> and loads of other permutations.
> 
> So below, I hit /index.jsp okay, and then hitting /pp/index.jsp just takes
> me stright there - no redirect to https.
> 
> Https is working if I go there - there are no problems with the certificate.
> 
> Many thanks
> 
> Digby
> 
> server.xml
> ...
>     <Connector acceptCount="100" connectionTimeout="20000" debug="0" 
> disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" 
> maxThreads="150" minSpareThreads="25" port="80" redirectPort="443" 
> scheme="http" secure="false"/>
>     
>     <Connector acceptCount="100" disableUploadTimeout="true" 
> enableLookups="false" keystoreFile="****" 
> keystorePass="****" maxProcessors="75" port="443" redirectPort="80" 
> scheme="https" secure="true" sslProtocol="TLS">
>       <Factory 
> className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" 
> clientAuth="true" keystoreFile="****" 
> keystorePass="****"/>
>     </Connector>
> ...
> web.xml
> ...
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Secure Areas</web-resource-name>
>       <url-pattern>/pp/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>reg_user</role-name>
>     </auth-constraint>
>     <user-date-contraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-date-contraint>
>   </security-constraint>
> 
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Inecure Areas</web-resource-name>
>       <url-pattern>/*</url-pattern>
>     </web-resource-collection>
>     <user-date-contraint>
>         <transport-guarantee>NONE</transport-guarantee>
>     </user-date-contraint>
>   </security-constraint>
>  
>   <!--login-config>
>     <realm-name>Secure Areas</realm-name>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/login.jsp</form-login-page>
>       <form-error-page>/loginError.jsp</form-error-page>
>     </form-login-config>
>   </login-config-->
>  
>   <security-role>
>     <role-name>reg_user</role-name>
>   </security-role>
> ...
> 
> 
> -----------------------------------------
> *****************************************************************
> Confidentiality Note: The information contained in this 
> message, and any attachments, may contain confidential 
> and/or privileged material. It is intended solely for the 
> person(s) or entity to which it is addressed. Any review, 
> retransmission, dissemination, or taking of any action in 
> reliance upon this information by persons or entities other 
> than the intended recipient(s) is prohibited. If you received
> this in error, please contact the sender and delete the 
> material from any computer.
> *****************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org