Hi, To secure some pages as suggested in http://wiki.dspace.org/index.php/ServletSecurity
I tried to implement the code : <security-constraint> <web-resource-collection> <web-resource-name>Pages requiring HTTPS</web-resource-name> <url-pattern>/profile</url-pattern> <url-pattern>/register</url-pattern> <url-pattern>/password-login</url-pattern> <url-pattern>/ldap-login</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> into [dspace]/jspui/WEB-INF/web.xml and found out that when click at My DSpace (which will usually bring up a password-login page), it came out that DSpace tries to bring up that page via https://localhost:7443/jspui/password-login which does not work in the system. Actually, I have already set the system to run thru Apache's mod_proxy as I still could not config Tomcat to bring up SSLEngine... Is there any other solution ? Please also note that using XMLUI does work when turn on 'xmlui.force.ssl = true', DSpace brings up https page in normal port(as configured by mod_proxy). After logged in, however, DSpace does not switch back to http, it continues to use https for subsequent pages. Is there a solution to this too ? -- Panyarak Ngamsritragul Prince of Songkla University. -- This message has been scanned for viruses and dangerous content by MailScanner. ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech