Re: manager.xml: cannot configure SSL for form-based authentication

Bill Barker

2003-10-14


"Adam Hardy" <ahardy.struts@(protected)
news:3F8AA774.7070106@(protected)...
> Sorry if this comes through twice. I think it got eaten by my email
> software the first time.
>
> I have tried putting the following in
> $CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml but the SSL config
> is ignored:
>
>   <security-constraint>
>    <web-resource-collection>
>     <web-resource-name>SSL 4 Login</web-resource-name>
>     <url-pattern>/ssllogin.html</url-pattern>
>     <url-pattern>/sslerror.html</url-pattern>
>    </web-resource-collection>
>    <user-data-constraint>
>     <description>SSL required</description>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>    </user-data-constraint>
>   </security-constraint>
>
>   <login-config>
>    <auth-method>FORM</auth-method>
>    <realm-name>BlackSailRealm</realm-name>
>    <form-login-config>
>     <form-login-page>/ssllogin.html</form-login-page>
>     <form-error-page>/sslerror.html</form-error-page>
>    </form-login-config>
>   </login-config>
>
> I have the login & error pages in $CATALINA_HOME/server/webapps/manager/
>
> Basically it always stays in non-SSL protocol.
>
> I posted this in bugzilla, being confident that tomcat was not doing
> what it was supposed to, but apparently it is. I got the following
> solution via bugzilla, but I don't understand it! How is this telling me
> I should configure SSL for the manager login?
>

Pretty simple really:
<a href="https://my.host.com/manager">Manager</a>
And, I agree with Remy's comments in BZ. Unless there is a last-minute
change in the Servlet 2.4 spec, Tomcat is working as expected. Of course
the place to complain is: servletapi-feedback@(protected)

> Thanks
>
> On 10/13/2003 02:19 PM bugzilla@(protected):
> [...]
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
> >
> > cannot configure SSL for form-based authentication
> [...]
> >
> >
> > ------- Additional Comments From remm@(protected) -------
> > FORM can be implemented as an internal redirection, like welcome files. As a
> > result, it is not subject to constraints. Please do not reopen the report.
> >
>
> --
> struts 1.1 + tomcat 5.0.12 + java 1.4.2
> Linux 2.4.20 RH9




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
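
Added example (not part of the thread and not taken from the Tomcat distribution): a web.xml fragment that puts the CONFIDENTIAL guarantee on the protected resources themselves rather than on the login and error pages, which the thread explains are reached by internal forward and so never matched against constraints. The /* pattern and the "manager" role name are assumptions. It relies on an HTTPS connector being configured, so that Tomcat redirects a plain-HTTP request for a constrained resource to HTTPS before the login form is shown.

```xml
<!-- Added example, not from the thread. Assumed values: the /* pattern
     and the "manager" role name. -->
<security-constraint>
 <web-resource-collection>
  <web-resource-name>Protected area</web-resource-name>
  <!-- Constrain the URLs the browser actually requests, not
       /ssllogin.html, which is only reached by internal forward. -->
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <role-name>manager</role-name>
 </auth-constraint>
 <!-- The transport guarantee sits in the same constraint as the
      auth-constraint, so the request is already on HTTPS when the
      login form and the credential POST are handled. -->
 <user-data-constraint>
  <description>SSL required</description>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
</security-constraint>

<!-- Login configuration unchanged from the original post. -->
<login-config>
 <auth-method>FORM</auth-method>
 <realm-name>BlackSailRealm</realm-name>
 <form-login-config>
  <form-login-page>/ssllogin.html</form-login-page>
  <form-error-page>/sslerror.html</form-error-page>
 </form-login-config>
</login-config>

<security-role>
 <role-name>manager</role-name>
</security-role>
```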

