I'm going to take a stab-in-the-dark, and guess that you didn't change the
value of the 'redirectPort' on the Connector to be '443'.

"cprs-develop" <cprs-develop@(protected)
news:000801c3d61e$2d701930$4d01a8c0@(protected)...
Hello All:

I am running Apache Tomcat 4.1.27, with IIS 5.0 on Windows 2000
Professional configured to serve the JSP pages using the ISAPI
redirector.

I have also configured SSL support using the Windows IIS management
console.

Currently JSP pages can be accessed using the
http://SomeHost/SomeDirectory or https://SomeHost/SomeDirectory URL.

I am trying to specify URLs that should be available only through SSL.
For this, I have added the <security-constraint> section in web.xml for
the relevant webapp directory.

<web-app>
. . . . .
</welcome-file-list>

<!-- All resources under the /SSL directory should only be available via
SSL -->

<security-constraint>
  <web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/SSL/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

</web-app>

Now, when I try to access the resources under the /SSL directory, (using
http or https) IIS gives me a "Page not found" error message.

However, if I disable IIS and run Tomcat independently, directory
security is enabled, and everything works fine, i.e., if I use
http://SomeHost/webapp/SSL, it automatically redirects to
https://SomeHost/webapp/SSL.

I found an earlier thread
(http://mikal.org/interests/java/tomcat/archive/view?mesg=44502) which
mentions that the ISAPI redirector may be to blame, but I am not sure if
it applies in this scenario.

Any help would be greatly appreciated.

Thanks,
Vic




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)