aspose file tools*
The moose likes Tomcat and the fly likes why my login page is not using SSL? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "why my login page is not using SSL?" Watch "why my login page is not using SSL?" New topic
Author

why my login page is not using SSL?

Lipman Li
Ranch Hand

Joined: May 02, 2002
Posts: 122
I want to use HTTPS for my login page only, other part of application just uses HTTP, but it seems not to work.

I'm using container managed security with form base authentication, and set up the SSL, and configure the web.xml file.
the application is working if I use http://localhost:8080/MyApp
and also work with https://localhost:8443/MyApp.

but what I want is that whatever the user access by using HTTP, if the content need authentication, the tomcat will forward to login page withHTTPS. currently tomcat still use HTTP for the login page. I'm using tomcat 5.0.19

the following is the part of configuration in web.xml


<security-constraint>
<display-name>login Constraints</display-name>
<web-resource-collection>
<web-resource-name>secureLogin</web-resource-name>
<url-pattern>/login/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/loginForm.jsp</form-login-page>
<form-error-page>/login/loginError.jsp</form-error-page>
</form-login-config>
</login-config>

Lipman Li
Ranch Hand

Joined: May 02, 2002
Posts: 122
anybody knows how to do this?
Lipman Li
Ranch Hand

Joined: May 02, 2002
Posts: 122
any one?
Jasmine kaur
Ranch Hand

Joined: Nov 25, 2003
Posts: 157
Hello ,
To implement SSL in tomcat please configure server.xml file in tomcat to do this please read docs of tomcat .
please see this security-manager-howto.html in adminstrator of tomcat docs.

Well to implement ssl please download jsse.from here http://java.sun.com/products/jsse/.
and create certificates and configure server.xml
please go through the tomcat docs and red SSL configure and follow the steps .
Please do ask if u are not getting.


jasmine kaur
Jasmine kaur
Ranch Hand

Joined: Nov 25, 2003
Posts: 157
I implemented SSl in tomcat by following the steps mentioned in tomcat.
please do ask.I will explain u well.
Thanks
Lipman Li
Ranch Hand

Joined: May 02, 2002
Posts: 122
thanks Jasmine, maybe I give some scenario to recount the flow.
I'm using form-based container managed security, and following the tomcat Security How-to docs exactly.
  • 1. At first, user request a protected resources, for example http://localhost:8080/MyApp/protectedresource.jsp
  • 2. container is aware that the requested resource is protected, need user to identify itself by forward the login page to user: https://localhost:8443/MyApp/loginform.jsp
  • 3. At last, user key in correct ID/password, submit to container. the container authenticate the user, and forward to the original request, which is http://localhost:8080/MyApp/protectedresource.jsp


  • the problem is that point 2 did not happen to change HTTP to HTTPS, it still using HTTP, which is http://localhost:8080/MyApp/loginform.jsp, it is configured in web.xml loginform.jsp is CONFIDENTIAL.

    I try another way, if user request URL https://localhost:8443/MyApp/protectedresource.jsp, MyApp is alway using HTTPS, never turn to HTTP.
    Jeff Osborn
    Greenhorn

    Joined: Jun 12, 2006
    Posts: 8
    Hay guys, has anyone solved this problem???

    Thank you in advance for the info,

    Jeff


    Jeff Osborn<br />Procelerate Technologies<br /><a href="http://procelerate.com" target="_blank" rel="nofollow">procelerate.com</a>
    Jeena Jeen
    Ranch Hand

    Joined: Feb 11, 2009
    Posts: 47
    I know this is very old post but did you by any chance found the solution for this problem? I am running into exactly same situation and i don't know how to handle this.
    thanks.
     
    With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
     
    subject: why my login page is not using SSL?