> why two webapps ? In your web.xml, why not create a security-constraint
> element, with web-resource-collection for all your secure pages, in the
> user-data-constraint set the transport-guarantee as CONFIDENTIAL. Then
> https has to be used for all your secure pages.

This seems to be what I need, thanks. I put the following XML into my web.xml:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Client</web-resource-name>
        <url-pattern>/client/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

Does this look correct? I assumed that once this was in, following a link such as <a href=client/index.jsp> would automatically use the SSL port or something. Nothing seemed to happen though :-( I just accessed the page as normal. Do I need to define user-roles etc. as well maybe?

Thanks for the help, at least I have something to look further into...
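
An added example, not part of the original message: a small Python check that reads a web.xml and reports whether a given context-relative path falls under a CONFIDENTIAL constraint, using the servlet url-pattern matching order (exact, longest path prefix, extension, default). The function names and the minimal `<web-app>` wrapper are assumptions made for this example; `http-method` elements are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the message inside a minimal <web-app>.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Client</web-resource-name>
      <url-pattern>/client/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop any XML namespace so DTD-era and schema-based files both work."""
    return tag.rsplit("}", 1)[-1]

def declared(xml_text):
    """Return (url-pattern, transport-guarantee) pairs; no guarantee means NONE."""
    pairs = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        found = {"url-pattern": [], "transport-guarantee": []}
        for el in sc.iter():
            if local(el.tag) in found:
                found[local(el.tag)].append((el.text or "").strip())
        guarantee = (found["transport-guarantee"] or ["NONE"])[0]
        pairs += [(p, guarantee) for p in found["url-pattern"]]
    return pairs

def rank(pattern, path):
    """Match strength: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def requires_confidential(xml_text, path):
    """True if every constraint on the best-matching pattern is CONFIDENTIAL."""
    hits = [(rank(p, path), g) for p, g in declared(xml_text)]
    hits = [(r, g) for r, g in hits if r is not None]
    best = max((r for r, _ in hits), default=None)
    return best is not None and all(g == "CONFIDENTIAL" for r, g in hits if r == best)
```

Paths passed in are relative to the webapp's context root, so the link from the message corresponds to `/client/index.jsp`.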