You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Peter Lee <to...@shaw.ca> on 2003/01/08 11:43:37 UTC
Transport-guarantee problem with 4.1.18
I asked this earlier, but I still got problems with it. I upgraded to 4.1.18, but I got
some problems with security constraints.
I have applied a security constraint on a particular url pattern. Only
certain users with a special rolename can access that link. The data
transportation is also secure, therefore I put in a <transport-guarantee> in web.xml
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
It used to work but now the page does not load with v4.1.18.
I got a blank page instead of a login page.
Is SSL implemented differently v4.1.18 that prevents my application
from working like before?
I think it has to do with rolenames. I put in the needed role in tomcat-user.xml
already. Did I miss something?
Is there any documentation on tomcat v4.1.18 SSL security stuff?
Here is my security constraint in web.xml:
<!-- Secure form
URLs of the form
http://localhost/Prefix/mypage
require SSL and are redirected to
https://localhost/Prefix/mypage -->
<security-constraint>
<web-resource-collection>
<web-resource-name>SSLspecial</web-resource-name>
<url-pattern>/protectedpage/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>specialrole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>