You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Giorgio Ponza <gi...@opla.it> on 2003/04/02 10:28:17 UTC

Tomcat and security-constraint

Hi all
My conf:
Tomcat 4.1.18 LE JDK1.4
Apache 2.0.44 with openssl
mod_jk

I want to secure a JSP page, but not with authentication, only with HTTPS
support.
So i added the lines in WEB.XML

<security-constraint>
  <web-resource-collection>
      <web-resource-name>Test securing JSP pages</web-resource-name>
          <description>Test securing JSP pages</description>
          <url-pattern>/jsp/users/*.jsp</url-pattern>
  </web-resource-collection>
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
</security-constraint>

but Tomcat logs says: ##### No Realm has been configured to authenticate
against
So i uncommented MemoryRealm (i think is not the right Realm)
and it now says
ContextConfig[]: Configured an authenticator for method NONE

and obviously the pages in /jsp/users continue to use simple HTTP transport
protocol

Can anyone tell me what i have to configure, or which Realm i have to use ?
Tx in advance

Giorgio Ponza



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org