Hi I have been working with tomcat with a web site. There is a initial login page which sends the username and password to a servlet that checks them against a database. I want to have the informatin sent over ssl but then i want the user to be sent back to a none ssl page for the rest of the session. With out explicitly calling https:// and http:// within the redirects (ie i want all locations relative) how do i canfigure tomcat. I have configured it to the login page is on ssl but when the servlet sends the user back to a page that page is also ssl.
I have added this to my web.xml file <security-constraint> <web-resource-collection> <web-resource-name>DataPortal</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>DataPortal</web-resource-name> <url-pattern>/Login.html</url-pattern> <url-pattern>/servlet/LoginServlet</url-pattern> <http-method>GET</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> Also the second problem when i take off the Login page and off the CONFIDENTIAL section so a person goes to the login page and then enters the username and password, the information is sent to the server over ssl but my LoginServlet code cannot pick out the parameters passed to it??? Can anybosy help me with this Thanks glen -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>