Peddireddy Srikanth wrote:
Hi all,
I have a basic doubt If there are any resoursec which will me on this
please point me towards them. I will carry on from there.
My question is how to combine the form based authentication, where we use
"jsecuritycheck" , "jusername" etc with https.
As far as I know if we use form based authentication username and
password will be authenticated by the container managed resource
called 'jsecuritycheck". But the data transfer from client browser to
tomcat will be still a plain text. i want to encrypt this and
obviously i need to use https.
So how to combine both and how tomcat wil help me doping this??
Providing you have an https connector configured, you can use
something like this in your <security-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
See the spec for more details.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
