You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2011/12/01 15:43:58 UTC
Re: Problems with forwaring HTTP to HTTPS
On 30/11/2011 18:32, Gregor S. wrote:
> My understanding was, that in the global web.xml
> ($catalina.home/conf/web.xml) the defaults are specified and promoted
> to all webapps. But it seems as the webapp doesn't inherit the element
> <user-data-constraints> from the global web.xml if it specifies it's
> own <security-constraints> - my expectation was, that it inherits
> those elements not specified inside the webapp's
> deployment-descriptor.
Your understanding is wrong.
You need to read the 2.5 servlet specification, particularly section
SRV.12.7.1.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problems with forwaring HTTP to HTTPS
Posted by "Gregor S." <rc...@googlemail.com>.
Marc,
thanks for your comment and thanks for pointing me to the right direction.
I guess this one is the matching excerpt from the specs:
===== [snip ]========
The combination of user-data-constraints that apply to a common
urlpattern and http-method shall yield the union of connection types
accepted by
the individual constraints as acceptable connection types. A security constraint
that does not contain a user-data-constraint shall combine with other
userdata-constraints to cause the unprotected connection type to be an
accepted
connection type.
===== [snap ]========
As Jeffrey mentioned, I guess I'll have to byte the bullet, but before
doing that, I'll try my luck writing a valve forwarding all http to
https.
Still, I guess the specs do have some room for improvement here,
meaning, it would be more than helpful if default settings could be
specified inside the global deployment descriptor. Wondering if I'm
the first person missing such a feature.
Thanks!
Gregor
On Thu, Dec 1, 2011 at 3:43 PM, Mark Thomas <ma...@apache.org> wrote:
> On 30/11/2011 18:32, Gregor S. wrote:
>> My understanding was, that in the global web.xml
>> ($catalina.home/conf/web.xml) the defaults are specified and promoted
>> to all webapps. But it seems as the webapp doesn't inherit the element
>> <user-data-constraints> from the global web.xml if it specifies it's
>> own <security-constraints> - my expectation was, that it inherits
>> those elements not specified inside the webapp's
>> deployment-descriptor.
>
> Your understanding is wrong.
>
> You need to read the 2.5 servlet specification, particularly section
> SRV.12.7.1.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org