• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat and SSL

 
don cline
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All,

I would like to set up a stand alone tomcat with both HTTPS/SSL pages and HTTP non encrypted pages. Can anyone direct me to a good source or show me how to configure TOMCAT to support both. Of course, those pages that are encrypted should not be accessable through HTTP and those that are not encrypted should not be accessable through HTTPS.

Thus,
https://www.mypage.com/securepage/index.jsp
should not be accessable through
http://www.mypage.com/securepage/index.jsp

and
http://www.mypage.com/nonsecurepage/index.jsp
should not be accessable through
https://www.mypage.com/nonsecurepage/index.jsp

thanks in advance

Don
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The Tomcat docs have a quite thorough page on setting up SSL.

Requiring SSL for a particular page can be done in the web.xml file, but disallowing SSL for a particular URL is not possible (unless you catch it in a servlet, and take appropriate action).
[ November 30, 2006: Message edited by: Ulf Dittmer ]
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It uses a URL based approach (configured in the web.xml) to identify the resources which are secure and which are not.

You can create a pattern for resources which require SSL support and which doesn't require SSL.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic