Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

why my login page is not using SSL?

 
Lipman Li
Ranch Hand
Posts: 122
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to use HTTPS for my login page only, other part of application just uses HTTP, but it seems not to work.

I'm using container managed security with form base authentication, and set up the SSL, and configure the web.xml file.
the application is working if I use http://localhost:8080/MyApp
and also work with https://localhost:8443/MyApp.

but what I want is that whatever the user access by using HTTP, if the content need authentication, the tomcat will forward to login page withHTTPS. currently tomcat still use HTTP for the login page. I'm using tomcat 5.0.19

the following is the part of configuration in web.xml


<security-constraint>
<display-name>login Constraints</display-name>
<web-resource-collection>
<web-resource-name>secureLogin</web-resource-name>
<url-pattern>/login/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/loginForm.jsp</form-login-page>
<form-error-page>/login/loginError.jsp</form-error-page>
</form-login-config>
</login-config>

 
Lipman Li
Ranch Hand
Posts: 122
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
anybody knows how to do this?
 
Lipman Li
Ranch Hand
Posts: 122
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
any one?
 
Jasmine kaur
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello ,
To implement SSL in tomcat please configure server.xml file in tomcat to do this please read docs of tomcat .
please see this security-manager-howto.html in adminstrator of tomcat docs.

Well to implement ssl please download jsse.from here http://java.sun.com/products/jsse/.
and create certificates and configure server.xml
please go through the tomcat docs and red SSL configure and follow the steps .
Please do ask if u are not getting.
 
Jasmine kaur
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I implemented SSl in tomcat by following the steps mentioned in tomcat.
please do ask.I will explain u well.
Thanks
 
Lipman Li
Ranch Hand
Posts: 122
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks Jasmine, maybe I give some scenario to recount the flow.
I'm using form-based container managed security, and following the tomcat Security How-to docs exactly.
  • 1. At first, user request a protected resources, for example http://localhost:8080/MyApp/protectedresource.jsp
  • 2. container is aware that the requested resource is protected, need user to identify itself by forward the login page to user: https://localhost:8443/MyApp/loginform.jsp
  • 3. At last, user key in correct ID/password, submit to container. the container authenticate the user, and forward to the original request, which is http://localhost:8080/MyApp/protectedresource.jsp


  • the problem is that point 2 did not happen to change HTTP to HTTPS, it still using HTTP, which is http://localhost:8080/MyApp/loginform.jsp, it is configured in web.xml loginform.jsp is CONFIDENTIAL.

    I try another way, if user request URL https://localhost:8443/MyApp/protectedresource.jsp, MyApp is alway using HTTPS, never turn to HTTP.
     
    Jeff Osborn
    Greenhorn
    Posts: 8
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Hay guys, has anyone solved this problem???

    Thank you in advance for the info,

    Jeff
     
    Jeena Jeen
    Ranch Hand
    Posts: 47
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    I know this is very old post but did you by any chance found the solution for this problem? I am running into exactly same situation and i don't know how to handle this.
    thanks.
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic