You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Adam Hardy <ad...@cyberspaceroad.com> on 2003/10/13 14:42:48 UTC
cannot configure SSL for form-based authentication
I have tried putting the following in
$CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config
is ignored:
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL 4 Login</web-resource-name>
<url-pattern>/ssllogin.html</url-pattern>
<url-pattern>/sslerror.html</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>SSL required</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>BlackSailRealm</realm-name>
<form-login-config>
<form-login-page>/ssllogin.html</form-login-page>
<form-error-page>/sslerror.html</form-error-page>
</form-login-config>
</login-config>
I have the login & error pages in $CATALINA_HOME/server/webapps/manager/
Basically it always stays in non-SSL protocol.
I posted this in bugzilla, being confident that tomcat was not doing
what it was supposed to, but apparently it is. I got the following
solution via bugzilla, but I don't understand it! How is this telling me
I should configure SSL for the manager login?
Thanks
On 10/13/2003 02:19 PM bugzilla@apache.org wrote:
[...]
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
>
> cannot configure SSL for form-based authentication >
[...]
>
>
> ------- Additional Comments From remm@apache.org 2003-10-13 12:19 -------
> FORM can be implemented as an internal redirection, like welcome files. As a
> result, it is not subject to constraints. Please do not reopen the report.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org