Java Mailing List Archive

http://www.junlu.com/

Tomcat Users

security-constraint not working, help please...

Trey Ethridge

2005-08-12


Hello all,

I'm ready to pull my hair out getting the security constraint to work. Basically, I need to forward all traffic except one directory to the https port. I've got it to work if I use the url-pattern of "/*". However, when I specify the patterns to accomplish the task, nothing matches and I can access any page through the http port.

Here is what I'm using:

In web.xml:
<security-constraint>
   <web-resource-collection>
     <web-resource-name>Automatic SLL Forwarding</web-resource-name>
     <url-pattern>/Temp/*</url-pattern>
     <url-pattern>/temp/*</url-pattern>
     <url-pattern>/pictures/*</url-pattern>
     <url-pattern>/resources/*</url-pattern>
     <url-pattern>/admin/*</url-pattern>
     <url-pattern>/web/*</url-pattern>
     <url-pattern>/Operator/*</url-pattern>
     <url-pattern>/operator/*</url-pattern>
     <url-pattern>/soap/*</url-pattern>
     <url-pattern>/webtools/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
    <transport-guarantee>
     CONFIDENTIAL
    </transport-guarantee>
   </user-data-constraint>
  </security-constraint>

In server.xml:
<Server>
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" descriptors="/jboss-mbeans.xml" debug="0"/>
<Service name="jboss.web" className="org.jboss.web.tomcat.tc5.StandardService">
  <Connector port="81" address="${jboss.bind.address}"
     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true" />
  <Connector port="8009" address="${jboss.bind.address}"
     enableLookups="false" redirectPort="8443" debug="0"
     protocol="AJP/1.3" />
  <Connector port="8443" minProcessors="5" maxProcessors="200"
     enableLookups="true" disableUploadTimeout="true"
     scheme="https" secure="true" keystorepass="changeit"
     keystoreFile="${jboss.server.home.dir}/conf/.keystore" acceptCount="200" debug="0"
     clientAuth="false" sslProtocol="TLS" />
  <Engine name="jboss.web" defaultHost="localhost">
   <Logger className="org.jboss.web.tomcat.Log4jLogger"
      verbosityLevel="INFORMATION"
      category="org.jboss.web.localhost.Engine"/>
   <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm" />
   <Host name="localhost" autoDeploy="false" deployOnStartup="false" deployXML="false">
    <Valve className="org.apache.catalina.valves.AccessLogValve"
       prefix="localhost_access_log." suffix=".log"
       pattern="common" directory="${jboss.server.home.dir}/log"
       resolveHosts="false" />
    <DefaultContext cookies="true" crossContext="true" override="true" />
   </Host>
  </Engine>
</Service>
</Server>

Is there a way to specify everything except a directory using some kind of NOT operator?

Why won't what I'm using above forward me to the correct https port?

Thanks in advance.
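On the NOT-operator question, as an added example that is not part of the original post and not Tomcat code: servlet url-patterns have no negation, but the Servlet specification applies the constraints of the best-matching pattern, so a `/*` constraint with CONFIDENTIAL plus a more specific constraint with NONE leaves one directory on plain HTTP. The sketch below models that selection in simplified form; the function names, the directory `/open` and the context path `/myapp` are assumptions made for illustration.

```python
# Added illustration, not Tomcat source: simplified Servlet-spec matching of a
# request path against <security-constraint> url-patterns (HTTP methods ignored).

def match_rank(pattern, path):
    """Return a sortable rank for how well pattern matches path, or None."""
    if pattern == path:
        return (3, len(pattern))              # exact match beats everything
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))           # path-prefix match, longest wins
        return None
    if pattern.startswith("*."):
        last = path.rsplit("/", 1)[-1]
        if last.endswith(pattern[1:]):
            return (1, 0)                     # extension match
        return None
    if pattern == "/":
        return (0, 0)                         # default pattern
    return None

def transport_guarantee(request_uri, context_path, constraints):
    """constraints: list of (url_patterns, guarantee) pairs.
    Returns the guarantee of the best-matching pattern, "NONE" if none match."""
    # Patterns are compared, case-sensitively, with the path inside the web
    # application: the request URI with the context path removed.
    path = request_uri[len(context_path):] or "/"
    best, found = None, "NONE"
    for patterns, guarantee in constraints:
        for pattern in patterns:
            rank = match_rank(pattern, path)
            if rank is not None and (best is None or rank > best):
                best, found = rank, guarantee
    return found

# Constructed sample: "/open" stands in for the one directory kept on HTTP.
ALL_BUT_ONE = [(["/*"], "CONFIDENTIAL"), (["/open/*"], "NONE")]
# A few of the patterns listed in the post above.
LISTED = [(["/Temp/*", "/temp/*", "/admin/*", "/Operator/*"], "CONFIDENTIAL")]

if __name__ == "__main__":
    for uri in ("/admin/index.jsp", "/open/logo.gif", "/openhouse/x.html"):
        print(uri, transport_guarantee(uri, "", ALL_BUT_ONE))
    for uri, ctx in (("/admin/a.jsp", ""), ("/Admin/a.jsp", ""),
                     ("/myapp/admin/a.jsp", "/myapp"), ("/myapp/admin/a.jsp", "")):
        print(uri, repr(ctx), transport_guarantee(uri, ctx, LISTED))
```

A result of CONFIDENTIAL is the case in which the container redirects a plain-HTTP request to the connector's `redirectPort`; NONE means the request is served as it arrived.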

