I want to use HTTPS for my login page only, other part of application just uses HTTP, but it seems not to work.
I'm using container managed security with form base authentication, and set up the SSL, and configure the web.xml file. the application is working if I use http://localhost:8080/MyApp and also work with https://localhost:8443/MyApp.
but what I want is that whatever the user access by using HTTP, if the content need authentication, the tomcat will forward to login page withHTTPS. currently tomcat still use HTTP for the login page. I'm using tomcat 5.0.19
the following is the part of configuration in web.xml
Hello , To implement SSL in tomcat please configure server.xml file in tomcat to do this please read docs of tomcat . please see this security-manager-howto.html in adminstrator of tomcat docs.
Well to implement ssl please download jsse.from here http://java.sun.com/products/jsse/. and create certificates and configure server.xml please go through the tomcat docs and red SSL configure and follow the steps . Please do ask if u are not getting.
Joined: Nov 25, 2003
I implemented SSl in tomcat by following the steps mentioned in tomcat. please do ask.I will explain u well. Thanks
Joined: May 02, 2002
thanks Jasmine, maybe I give some scenario to recount the flow. I'm using form-based container managed security, and following the tomcat Security How-to docs exactly.
1. At first, user request a protected resources, for example http://localhost:8080/MyApp/protectedresource.jsp
2. container is aware that the requested resource is protected, need user to identify itself by forward the login page to user: https://localhost:8443/MyApp/loginform.jsp
3. At last, user key in correct ID/password, submit to container. the container authenticate the user, and forward to the original request, which is http://localhost:8080/MyApp/protectedresource.jsp
the problem is that point 2 did not happen to change HTTP to HTTPS, it still using HTTP, which is http://localhost:8080/MyApp/loginform.jsp, it is configured in web.xml loginform.jsp is CONFIDENTIAL.
I try another way, if user request URL https://localhost:8443/MyApp/protectedresource.jsp, MyApp is alway using HTTPS, never turn to HTTP.