Jaime Acosta

that's disappointing ;*(

I guess I'll have to start trying to figure out how the authentication works instead...

thank you very much your help

Hello Bear,

thanks for the quick response!

yes, in production, we authenticate against a database (i am unfortunately not too familiar with our authentication process), but to avoid having to know the user's password to look at a user's production data, we circumvent that authentication and just supply the user's username and a dummy password in tomcat-users.xml

I was thinking of the possibility of creating a stripped down version of our production application that basically did this circumvention, but didn't require us to add a user's username everytime we wanted to see their account. That is essentially why i wanted to know if there was a way to use a wildcard in the tomcat-users file.

Is this not possible?

Hello,

I'm curious if it's possible to make some kind of modification to the tomcat-users.xml file that would allow me to provide a generic password for all users of a specific role. For example, instead of creating a new user record for every user with rold="client,user", i'd like to just have one user record for that role.

Essentially, i want to do something to the effect of this:
<user password="password" roles="client,user" username="*"/>

instead of creating something like this:
<user password="password" roles="client,user" username="user1"/> <user password="password" roles="client,user" username="user2"/> <user password="password" roles="client,user" username="user3"/>

Any direction you can provide would be greatly appreciated.

thanks!

Hello,

I have tomcat 5.5 set up for my web application with ssl working properly. I would like to redirect all http traffic to https. From my understanding, i should simply have to set the ssl connector to 443 and add 'redirectPort="443"' to the connectors for 80 and 8080 in the server.xml like this:

<Connector port="80" maxHttpHeaderSize="8192" maxThreads="250" enableLookups="false" redirectPort="443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" /> <Connector port="8080" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />

I also added the following to the end of my web.xml (just before </web-app>), based on information provided in instructions I found online:
<security-constraint> <web-resource-collection> <web-resource-name>Entire Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>

As i mentioned above, the ssl is working properly, and I can browse to https://site.com, as well as http://site.com and http://site.com:8080. Unfortunately, the latter two do not redirect to the https://site.com addresss like I intend it to. Is there something I'm missing?

Thanks!