You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Dmitry ..." <di...@yahoo.com> on 2002/06/29 17:55:30 UTC
SSL and Authentication
Hello everyone.
I have a security-contstraint set up with <url-pattern>/*</url-pattern> and JDBCRealm, and I have SSL configured in server.xml. Both the JDBCRealm and SSL are working, just not quite as I'd like.
Currently, when the user first enters my site (/mysite/index.html), he is asked to authenticate himself. When the user requests a page through SSL (.../location=https:8443/mysite/../Registration.jsp), he is again asked to authenticate himself.
What I want is:
1) The user to be able to access index.html (and a few other pages) withought authentication. I'd rather not have to enter every page individually under <web-resource-collection>.
*2) The user to not have to re-authenticate himself when he selects to go to Registration.jsp via SSL.
Thank you in advance,
Dmitry
---------------------------------
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup
Re: SSL and Authentication
Posted by "Dmitry ..." <di...@yahoo.com>.
I figured out that I'll need to refactor my directory structure and use seperate <security-constraint>s. I'm curious, is there a standard or preferred way to do this?
My next step is to integrate Tomcat with Apache, and then an EJB server (perhaps JBoss?)...
--Dmitry
"Dmitry ..." <di...@yahoo.com> wrote:
Hello everyone.
I have a security-contstraint set up with /* and JDBCRealm, and I have SSL configured in server.xml. Both the JDBCRealm and SSL are working, just not quite as I'd like.
Currently, when the user first enters my site (/mysite/index.html), he is asked to authenticate himself. When the user requests a page through SSL (.../location=https:8443/mysite/../Registration.jsp), he is again asked to authenticate himself.
What I want is:
1) The user to be able to access index.html (and a few other pages) withought authentication. I'd rather not have to enter every page individually under .
*2) The user to not have to re-authenticate himself when he selects to go to Registration.jsp via SSL.
Thank you in advance,
Dmitry
---------------------------------
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup
---------------------------------
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup