You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Danny Morgan <dm...@corpmedia.com> on 2002/09/30 20:58:20 UTC
SSL Configuration for Form-Based Auth.
First this is what I have installed:
Redhat Linux v7.3
w/
apache-1.3.23-14
mod_ssl-2.8.7-6
Sun's Java jdk-1.4.1
Jakarta tomcat-4.1.12
mod_jk2
I currently have the web-app up and running just fine, however I'm
running into a few problems with form-based auth using SSL. Apache is
configured to handle the SSL connections from users, it works fine under
with "NONE" in <transport-guarantee> (http) but errors out with
"CONFIDENTIAL" in <transport-guarantee> (https) with "Redirection limit
for this URL exceeded. Unable to load the requested page".
Let me know if you need any more info.
Thanks,
Danny
Here is part of my web.xml
<security-constraint>
<display-name>Server Configuration Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Server Configuration Form-Based Authentication
Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>