you can use a <security-constraint> tag in your web.xml to enforce https connections:
| -- snip -- | <security-constraint> | <display-name>manager_access</display-name> | <web-resource-collection> | <web-resource-name>manager_pages</web-resource-name> | <description/> | <url-pattern>/secure/*</url-pattern> | <http-method>GET</http-method> | <http-method>POST</http-method> | <http-method>HEAD</http-method> | <http-method>PUT</http-method> | <http-method>OPTIONS</http-method> | <http-method>TRACE</http-method> | <http-method>DELETE</http-method> | </web-resource-collection> | <auth-constraint> | <description/> | <role-name>manager</role-name> | </auth-constraint> | <user-data-constraint> | <description/> | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | </user-data-constraint> | </security-constraint> | -- snip -- | the <user-data-constraint> here does the trick with <transport-guarantee> set to CONFIDENTIAL. It'll try to switch to https automaticly now when accessing anything behind /secure on the server. Note this example required the user to have the "manager" role and this requires some more configuration (login config etc). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018886#4018886 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018886 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user