Dave,
Dave wrote:
| The url is not changed when I point to
| http://www.mydomain.com/login.html in browser. The .html is mapped to
| servlet. I expected it to change to https://
I think David identified part of the problem: your XML is not set
Chris,
The url is not changed when I point to http://www.mydomain.com/login.html in
browser. The .html is mapped to servlet. I expected it to change to https://
So it is not secure to start as http and then switch to https to use the same
http session because session id to
Hello Dave, this is not exactly the answer you are looking for but I have been
concerned with public web security for a long time and I have finally resigned
myself to the fact that if you are using login pages that process user ids and
passwords and other confidential info that
Dave,
Dave wrote:
| I moved the user-data-constraint inside the web-resource-collection as the following:
|
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>Automatic SLL
Hi Chris,
I moved the user-data-constraint inside the web-resource-collection as
the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>Automatic SLL Forwarding</web-resource-name>
Dave,
Dave wrote:
| I tried the method, it worked.
| But when I tried to protect login page only,
|
| <web-resource-collection>
| <web-resource-name>protected pages</web-resource-name>
|
Hi Hazem,
Thanks,
I tried the method, it worked.
But when I tried to protect login page only,
<web-resource-collection>
<web-resource-name>protected pages</web-resource-name>
<url-pattern>/login.jsp</url-pattern>
</web-resource-collection>
Hi Dave,
Try to add this to web.xml under tomcat_install_dir/conf:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require
Christopher Schultz [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Dave,
Dave wrote:
| I moved the user-data-constraint inside the web-resource-collection as the following:
|
| <security-constraint>
|