Hi. I have a problem with https, I will describe the environment
mi web.xml contains
<security-constraint>
<display-name></display-name>
<web-resource-collection>
<web-resource-name>privateSecured</web-resource-name>
<url-pattern>/segura/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name></display-name>
<web-resource-collection>
<web-resource-name>privateUnsecured</web-resource-name>
<url-pattern>/nosegura/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name></display-name>
<web-resource-collection>
<web-resource-name>publicSecured</web-resource-name>
<url-pattern>/login.html</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>iwb</realm-name>
<form-login-config>
<form-login-page >/login.html</form-login-page>
<form-error-page>/nosegura/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>*</role-name>
</security-role>
my webapp
|--src (carpeta de fuentes)
|--doc (carpeta de documentos de analisis)
|--res (carpeta de recursos estaticos)
|--web
|--META_INF
|--WEB_INF
|--index.jsp (redirige a /nosegura/entrada.jsp)
|--login.html (pantalla de autentificacion)
|--segura (carpeta de jsp que quiero que sean seguras)
|------gestion
|------administracion
|----nosegura (carpeta de jsp que no quiero que sean seguras)
|-------UsuariosGrupos
|-------cabeceras y pie
|-------error.jsp
|-------entrada.jsp
|-------logoff.jsp (redirige a /nosegura/entrada.jsp)
Now I will explain my flow of requests to get into my application:
I have an index.jsp file as wellcome-file, that file only contain:
<% Response.sendRedirect (request.getContextPath () + "/ nosegura /
entrada.jsf")%>
entrada.jsf and is not sure and private, it does go private to the login screen.
The login screen is public but it is secured, so you should do it for https.
Here is the first problem, does not.
If I do server: port / application / login.html if you ask me the license, so
they understand that security-contraintes login if it works,
but it seems that the current flow does not request any login.html
The other problem is not going to https to http, if you do well from http to
https, but the reverse does not work.
I can not get pass from https to http
Any idea
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221237#4221237
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4221237
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
