Posted to users@tomcat.apache.org by "Knight, Digby" <Di...@hen.invesco.com> on 2004/06/09 10:31:25 UTC
redirectport not redirecting (again!)
Hi all,
I know this has been discussed a thousand times, but I've just tried to set
up HTTPS redirection on Tomcat 5.0.19 or 24, and no matter what I do or what
instructions I follow, it won't work. Below are snips from my server.xml and
the application's web.xml - are they okay, or do I need to do anything else? I've
tried having BASIC, FORM, NONE and no authentication, with and without roles
and loads of other permutations.
So below, I hit /index.jsp okay, and then hitting /pp/index.jsp just takes
me straight there - no redirect to https.
Https is working if I go there - there are no problems with the certificate.
Many thanks
Digby
server.xml
...
<!-- Plain-HTTP listener. redirectPort names the port Tomcat redirects to when
     a request arriving here matches a security-constraint that requires SSL
     transport; it only takes effect if web.xml declares such a constraint
     with a correctly spelled user-data-constraint element. -->
<Connector port="80"
           scheme="http"
           secure="false"
           redirectPort="443"
           acceptCount="100"
           connectionTimeout="20000"
           debug="0"
           disableUploadTimeout="true"
           enableLookups="false"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"/>
<!-- HTTPS listener. keystoreFile and keystorePass were masked by the poster.
     The real keystorePass is stored in clear text in server.xml, so keep the
     file readable only by the account that runs Tomcat.
     NOTE(review): redirectPort="80" points back at the plain-HTTP port.
     Requests on this connector are already marked secure, so confirm whether
     the attribute serves any purpose here. -->
<Connector port="443"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           redirectPort="80"
           keystoreFile="****"
           keystorePass="****"
           acceptCount="100"
           disableUploadTimeout="true"
           enableLookups="false"
           maxProcessors="75">
  <!-- NOTE(review): the keystore settings are given both on the Connector and
       on this nested Factory; confirm which of the two this Tomcat version
       actually reads. If the Factory is honoured, clientAuth="true" makes the
       TLS handshake demand a client certificate from every caller. -->
  <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
           clientAuth="true"
           keystoreFile="****"
           keystorePass="****"/>
</Connector>
...
web.xml
...
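<!-- Constraint 1: everything under /pp/ requires the reg_user role and an
     encrypted transport. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Areas</web-resource-name>
    <url-pattern>/pp/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>reg_user</role-name>
  </auth-constraint>
  <!-- Fixed: the file as posted spelled this element "user-date-contraint".
       The deployment descriptor element is user-data-constraint. With the
       misspelled name the poster saw /pp/index.jsp served over plain HTTP
       with no redirect, i.e. the CONFIDENTIAL guarantee was not enforced.
       Parsing web.xml with descriptor validation enabled in a test
       deployment rejects unknown element names and catches this kind of
       typo before it silently weakens a constraint. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Constraint 2: all other URLs, no transport requirement. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Inecure Areas</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- Fixed: same misspelling as in constraint 1 ("user-date-contraint"). -->
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- The login-config below is left commented out, as posted.
     NOTE(review): the auth-constraint on /pp/* names the reg_user role, and
     without a login-config the container has no configured way to
     authenticate a user into it; confirm the resulting behaviour (presumably
     a denial rather than a login prompt).
     If this block is re-enabled, note that the servlet descriptor lists
     auth-method before realm-name, so a validating parse would reject the
     order used here. -->
<!--login-config>
<realm-name>Secure Areas</realm-name>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config-->

<!-- Declares the role referenced by the auth-constraint above. -->
<security-role>
  <role-name>reg_user</role-name>
</security-role>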
...
-----------------------------------------
*****************************************************************
Confidentiality Note: The information contained in this
message, and any attachments, may contain confidential
and/or privileged material. It is intended solely for the
person(s) or entity to which it is addressed. Any review,
retransmission, dissemination, or taking of any action in
reliance upon this information by persons or entities other
than the intended recipient(s) is prohibited. If you received
this in error, please contact the sender and delete the
material from any computer.
*****************************************************************
Re: redirectport not redirecting (again!)
Posted by Digby <li...@digby.net>.
Aha! I had <user-dat*e*-constraint/>!! Doh.
Knight, Digby wrote:
> Hi all,
>
> I know this has been discussed a thousand times, but I've just tried to set
> up Https redirection on Tomcat 5.0.19 or 24, and no matter what I do or what
> instructions I follow, it won't work. Below are snips from my server.xml and
> applications web.xml - are they okay, or do I need to do anything else? I've
> tried having BASIC, FORM, NONE and no authentication, with and without roles
> and loads of other permutations.
>
> So below, I hit /index.jsp okay, and then hitting /pp/index.jsp just takes
> me stright there - no redirect to https.
>
> Https is working if I go there - there are no problems with the certificate.
>
> Many thanks
>
> Digby
>
> server.xml
> ...
> <Connector acceptCount="100" connectionTimeout="20000" debug="0"
> disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75"
> maxThreads="150" minSpareThreads="25" port="80" redirectPort="443"
> scheme="http" secure="false"/>
>
> <Connector acceptCount="100" disableUploadTimeout="true"
> enableLookups="false" keystoreFile="****"
> keystorePass="****" maxProcessors="75" port="443" redirectPort="80"
> scheme="https" secure="true" sslProtocol="TLS">
> <Factory
> className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
> clientAuth="true" keystoreFile="****"
> keystorePass="****"/>
> </Connector>
> ...
> web.xml
> ...
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Secure Areas</web-resource-name>
> <url-pattern>/pp/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>reg_user</role-name>
> </auth-constraint>
> <user-date-contraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-date-contraint>
> </security-constraint>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Inecure Areas</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <user-date-contraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-date-contraint>
> </security-constraint>
>
> <!--login-config>
> <realm-name>Secure Areas</realm-name>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config-->
>
> <security-role>
> <role-name>reg_user</role-name>
> </security-role>
> ...
>
>
> -----------------------------------------
> *****************************************************************
> Confidentiality Note: The information contained in this
> message, and any attachments, may contain confidential
> and/or privileged material. It is intended solely for the
> person(s) or entity to which it is addressed. Any review,
> retransmission, dissemination, or taking of any action in
> reliance upon this information by persons or entities other
> than the intended recipient(s) is prohibited. If you received
> this in error, please contact the sender and delete the
> material from any computer.
> *****************************************************************