try: if (!request.isSecure()) { // abort code here }
You can put this in a superclass of all your secure servlets if you like. Andy > -----Original Message----- > From: neal [mailto:[EMAIL PROTECTED]] > Sent: 16 January 2003 22:09 > To: Tomcat Users List > Subject: Require a secure connection > > > Does anyone know how to *require* that a page be accessed only > via a secure > connection? > > For instance, I *can* request a secure connection to a page by going to > "https://" and the url ... but how do I prevent a user from going to > "http://" to request that same page? > > Would this be a proxy thing or is something I can set in Tomcat? Is there > something that wouldn't require the overhead of reflecting upon > every single > request at the Java level? > > Thanks. > neal > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>