Servlet Container Security Configuration
...
Example of the Connector element for HTTP:
```xml
<Connector port="8080"
           maxThreads="6" minSpareThreads="2" maxSpareThreads="5"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           debug="0" connectionTimeout="20000"
           disableUploadTimeout="true" />
```
Example of the Connector element for HTTPS (with keystore in `/tomcat/conf/keystore`):
```xml
<!-- clientAuth="true": clients must present a certificate trusted by truststoreFile. -->
<!-- "changeit" is the keytool default password; replace it with your own. -->
<Connector port="8443"
           maxThreads="6" minSpareThreads="2" maxSpareThreads="5"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="/tomcat/conf/keystore"
           keystorePass="changeit"
           clientAuth="true"
           truststoreFile="/tomcat/conf/keystore"
           truststorePass="changeit" />
```
...
Here is an example of a `security-constraint` element that requires HTTPS on the servlet classes EditProfileServlet, LDAPServlet, PasswordServlet, RegisterServlet. I believe these are the only places where passwords are entered.
```xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Pages requiring HTTPS</web-resource-name>
    <url-pattern>/profile</url-pattern>
    <url-pattern>/register</url-pattern>
    <url-pattern>/password-login</url-pattern>
    <url-pattern>/ldap-login</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```
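One way to check which mapped servlets fall outside the HTTPS constraint is to compare every `servlet-mapping` in `web.xml` against the `CONFIDENTIAL` url-patterns. This is an added example, not code from the original page or its project; the servlet names and the `/hypothetical-reset` mapping are constructed, and pattern matching is a simplified form of the servlet-spec rules.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from this page plus servlet mappings whose
# names, and the /hypothetical-reset path, are invented for illustration.
MAPPED = ["/profile", "/register", "/password-login", "/ldap-login", "/hypothetical-reset"]
SAMPLE_WEB_XML = "<web-app>" + "".join(
    f"<servlet-mapping><servlet-name>s{i}</servlet-name><url-pattern>{p}</url-pattern></servlet-mapping>"
    for i, p in enumerate(MAPPED)) + """
 <security-constraint><web-resource-collection>
  <url-pattern>/profile</url-pattern><url-pattern>/register</url-pattern>
  <url-pattern>/password-login</url-pattern><url-pattern>/ldap-login</url-pattern>
 </web-resource-collection><user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint></security-constraint></web-app>"""

def confidential_patterns(root):
    """url-patterns under a CONFIDENTIAL constraint that applies to every HTTP method."""
    found = set()
    for sc in root.iter("security-constraint"):
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if tg != "CONFIDENTIAL":
            continue
        for wrc in sc.findall("web-resource-collection"):
            if wrc.find("http-method") is None:  # method-limited: other methods stay open
                found.update(p.text.strip() for p in wrc.findall("url-pattern") if p.text)
    return found

def covered(path, patterns):
    """Simplified servlet-spec matching: exact, "/prefix/*" and "*.ext" patterns."""
    for pat in patterns:
        if pat == path or (pat.startswith("*.") and path.endswith(pat[1:])):
            return True
        if pat.endswith("/*") and (path == pat[:-2] or path.startswith(pat[:-1])):
            return True
    return False

def unprotected_mappings(web_xml_text):
    """Servlet-mapping url-patterns that no CONFIDENTIAL constraint covers."""
    root = ET.fromstring(web_xml_text)
    for el in root.iter():  # web.xml may declare a namespace; keep local names only
        el.tag = el.tag.rsplit("}", 1)[-1]
    patterns = confidential_patterns(root)
    mapped = {(m.findtext("url-pattern") or "").strip() for m in root.iter("servlet-mapping")}
    return sorted(p for p in mapped - {""} if not covered(p, patterns))

if __name__ == "__main__":
    print(unprotected_mappings(SAMPLE_WEB_XML))
```

Each path it reports is a mapped servlet reachable over plain HTTP; review whether any of them accepts credentials.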
...