You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Rene' Clayton <RC...@sagent.com> on 2000/11/15 15:12:02 UTC

UNSUBSCRIBE!

-----Original Message-----
From: Lacerda, Wellington (AFIS) [mailto:Wellington.Lacerda@fao.org]
Sent: Wednesday, November 15, 2000 7:28 AM
To: 'tomcat-user@jakarta.apache.org'
Subject: using SSL on standalone Tomcat - Urgent !

Hi All,

I've set up SSL on a 3.2b7 instance. Also I defined a context, say /wlss,
with a directory and a resource, say /wlss1/index.htm inside that context.

I want to configure that context in such a way that the access to
/wlss1/index.htm is only allowed if the transport is guaranteed at
confidential level(SSL). I read the spec and created this web.xml to do the
job:

<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>a</web-resource-name>
   <url-pattern>/wlss1/*</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
   <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
  </web-resource-collection>
 </security-constraint>
</web-app>

By my understanding, I'm allowing access to the resource collection "a" -
mapped to /wlss1/anything with GET or POST only through a confidential
transport - SSL. 

It's not working at all. I can still access it through normal http. Am I
missing something here ?

Another question - how to impose confidential transport to the entire
context ?

Thanks in advance for any help,

Wellington Silva
UN/FAO