Two Laptop Bag*
The moose likes Tomcat and the fly likes Web App Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Web App Security" Watch "Web App Security" New topic
Author

Web App Security

Ankit Nagpal
Ranch Hand

Joined: Sep 09, 2008
Posts: 47

Hi,

I am using FORM based authentication for my web application. For implementing data integrity and confidentiality, i have used the following in the DD:

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

When I try to request a static HTML page by the following URL:

http://localhost:9080/AppName/first.html

this changes to

https://localhost:8443/AppName/first.html

and gives the error that page is unavailable. I know that it's trying to use HTTPS but why is this not working? Do I need to add something somewhere in my application?

BTW, I am using Tomcat 5.5 as server.

Thanks in advance.

[ September 27, 2008: Message edited by: Ankit Nagpal ]
[ September 27, 2008: Message edited by: Ankit Nagpal ]
Ankit Nagpal
Ranch Hand

Joined: Sep 09, 2008
Posts: 47

I found the solution to this problem, the SSL Configuration needs to be done on Tomcat. Steps are given in the link below:

Tomcat SSL Configuration - How To
 
Don't get me started about those stupid light bulbs.
 
subject: Web App Security
 
Similar Threads
transport-guarantee problem
Security constaint in J2ee 1.3 container - Web.xml
Webshere Authentication
Unable to get authentication and authorization working.
Force URL redirect from http to https?