I'm in a bit of a dilema If I need sticky HTTP sessions, then my hardware load balancer needs to have a ssl decoder to handle the https requests. However by doing that, how can I enforce container security for my web app when the request arriving at the servlet container is plain http ? How can I enforce exclusive https access this way ? Must I configure the in the firewall after the HW load balancer ? Or can I just don't worry about session stickiness in JBoss's clustered environment due its HTTPSession replication assurances ?
Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3899363#3899363 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3899363 ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
