File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Declarative Security & SSL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Declarative Security & SSL" Watch "Declarative Security & SSL" New topic
Author

Declarative Security & SSL

Michael Fitzmaurice
Ranch Hand

Joined: Aug 22, 2001
Posts: 168
Hi all

I have a web app deployed in Tomcat. I would like to declaratively secure the application such that all pages are inaccessible unless the user successfully authenticates. This is easy enough. I would also like to use HTTP form authentication over SSL - this is also easy enough. However, what I would like to do (declaratively) is to use SSL only on the login page. If I do something like this in web.xml:



This means the user cannot access any page without authenticating, but it also means all pages are being served over SSL, which is not necessary for my application. However, I do want to protect the communication of the user's credentials with SSL, hence I want to be able to specify SSL for the login page. Is this possible declaratively, and if so, how?

Thanks

Michael
[ March 02, 2005: Message edited by: Michael Fitzmaurice ]

"One good thing about music - when it hits, you feel no pain" <P>Bob Marley
Rich Raposa
Ranch Hand

Joined: Dec 06, 2001
Posts: 46
I think it's as easy as putting the complete URL to the login page. Something like:

https://www.myhost.com/login.html

This is as opposed to just putting "/login.html" in web.xml.


Rich Raposa<br /><a href="http://www.javalicense.com" target="_blank" rel="nofollow">http://www.javalicense.com</a><br />Buy Java courseware -> get a free XBox!
Michael Fitzmaurice
Ranch Hand

Joined: Aug 22, 2001
Posts: 168
Hi Rich

Thanks for your response - I never thought to try that. Unfortunately, it doesn't seem to work; any path you put in the <form-login-page> element must start with a '/', so absolute URLs are not possible.

Does anyone else have any ideas?

Thanks

Michael
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Declarative Security & SSL