You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Julie Ruiz <jr...@itecid1.telecom-co.net> on 2001/02/12 21:47:36 UTC

SSL

How do I configure in Tomcat a exclusive secure path, it is that a
specific servlet only use the https protocol but not both(http and
https).

Thanks,

Julie.

Re: Tomcat

Posted by William Brogden <wb...@bga.com>.


Julie Ruiz wrote:
> 
> Hi,
> 
> Where can I find a configuration manual of Tomcat???
> A manual that explain all the directives that we can configure in the server.xml and in the web.xml.
> 
> Julie Ruiz.
> 

Configuring web.xml is covered in detail in the servlets API 
documentation - download it in PDF format from java.sun.com

-- 
WBB - wbrogden@lanw.com
Java Cert mock exams http://www.lanw.com/java/javacert/
Author of Java Developer's Guide to Servlets and JSP 
ISBN 0-7821-2809-2

Tomcat

Posted by Julie Ruiz <jr...@itecid1.telecom-co.net>.

Hi,

Where can I find a configuration manual of Tomcat???
A manual that explain all the directives that we can configure in the server.xml and in the web.xml.

Julie Ruiz.

Re: SSL

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.

Julie Ruiz wrote:

> I have installed Tomcat+SSL.  I need that my aplications be acceded only through a secure URL.
> How can I configure the context where are going to be the aplications that accede through a secure URL, but can´t be accede by a non secure URL??
>

For Tomcat+SSL stand-alone, you have a couple of choices:

* If you do not need the non-SSL port for anything else, you
  can disable it by removing the <Connector> element for port 8080
  from your "conf/server.xml" file.

* If you need non-SSL for other webapps and simply want to protect
  this one, you can add a security constraint to your web.xml file:

    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

In this constraint, the URL pattern of "/*" protects your entire webapp (you could also require SSL on only part of it, if you wished), while the
CONFIDENTIAL requirement means that SSL is required.

>
> Julie.
>

Craig McClanahan

SSL

Posted by Julie Ruiz <jr...@itecid1.telecom-co.net>.

I have installed Tomcat+SSL.  I need that my aplications be acceded only through a secure URL.
How can I configure the context where are going to be the aplications that accede through a secure URL, but can´t be accede by a non secure URL??

Julie.

Re: Context path for ssl

Posted by John Golubenko <go...@columbiafunds.com>.

I don't know what you mean exactly, but request.getScheme() will return 
the HTTP | HTTPS protocol (http [://some/], https[://some]) you can load 
or not load the
servlet. To configure tomcat to handle https connection, look in 
server.xml file,
there is SSL part is commented out. I'll suggest to take a look at 
apache-ssl | open-ssl, and JSSE (javasoft.com, java ssl).



>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 2/13/01, 6:27:01 AM, "Julie Ruiz" <jr...@itecid1.telecom-co.net> wrote 
regarding Context path for ssl:


> How do I configure in Tomcat a context path only https sessions, it is 
that
> a
> specific servlet only use the https protocol but not both(http and
> https).

> Thanks,

> Julie.




> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-user-help@jakarta.apache.org

NOTICE:  This communication may contain confidential or other privileged information.  If you are not the intended recipient, or believe that you have received this communication in error, please do not print, copy, retransmit, disseminate, or otherwise use the information.  Also, please indicate to the sender that you have received this email in error, and delete the copy you received.  Any communication that does not relate to official Columbia business is that of the sender and is neither given nor endorsed by Columbia.  Thank you.

Context path for ssl

Posted by Julie Ruiz <jr...@itecid1.telecom-co.net>.

How do I configure in Tomcat a context path only https sessions, it is that
a
specific servlet only use the https protocol but not both(http and
https).

Thanks,

Julie.

Context path for ssl

Posted by Julie Ruiz <jr...@itecid1.telecom-co.net>.

How do I configure in Tomcat a context path for only https sessions, it
is that a
specific servlet only use the https protocol but not both(http and
https).

Thanks,

Julie.