You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Giorgio Ponza <gi...@opla.it> on 2003/04/02 10:28:17 UTC
Tomcat and security-constraint
Hi all
My conf:
Tomcat 4.1.18 LE JDK1.4
Apache 2.0.44 with openssl
mod_jk
I want to secure a JSP page, but not with authentication, only with HTTPS
support.
So i added the lines in WEB.XML
<security-constraint>
<web-resource-collection>
<web-resource-name>Test securing JSP pages</web-resource-name>
<description>Test securing JSP pages</description>
<url-pattern>/jsp/users/*.jsp</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
but Tomcat logs says: ##### No Realm has been configured to authenticate
against
So i uncommented MemoryRealm (i think is not the right Realm)
and it now says
ContextConfig[]: Configured an authenticator for method NONE
and obviously the pages in /jsp/users continue to use simple HTTP transport
protocol
Can anyone tell me what i have to configure, or which Realm i have to use ?
Tx in advance
Giorgio Ponza
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org