Hello, how are you? I need help to configure a secure application. I am trying to request client certificate in only one page and force to use SSL in the entire application.
I put the following in the web.xml <security-constraint> <web-resource-collection> <web-resource-name>certificates</web-resource-name> <url-pattern>/certificates/add.action</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>CLIENT-CERT</auth-method> </login-config> If I add a new url pattern, this page will request client certificate too. How can I force to use SSL without require cliente certificate but still require it in a specific page? I hope that you can understand me. If you need more information or clarify something, please let me know. Thank you very much in advanced. Fabian --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]