Hello,

Is it possible to configure Tomcat (4.1.x) in such a way that a request can be 
redirected automatically from HTTPS to HTTP port?

Let's assume that a Website has two separate (non-overlapping) sets of 
resources ("/non_secure_resources/*" and "/secure_resources/*" respectively) and 
the web.xml descriptor defines the following security constraints:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Non Secure Resources</web-resource-name>
            <url-pattern>/non_secure_resources/*</url-pattern>
        </web-resource-collection>

        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Resources</web-resource-name>
            <url-pattern>/secure_resources/*</url-pattern>
        </web-resource-collection>

        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Then any HTTP request matching "/secure_resources/*" will be automatically 
redirected (assuming that an SSL certificate is installed). However, HTTPS 
requests matching "/non_secure_resources/*" 
(i.e. "https://non_secure_resources/non-secure.jsp") are not redirected back to 
HTTP as I would expect from the first security constraint. The problem that I'm 
currently having is that some JSP pages under "/secure_resources" have links 
pointing to pages within the non-secure portion of the Website 
(i.e. "/secure_resources/secure.jsp" contains a link "<a 
href="/non_secure_resources/non-secure.jsp">"). (Also, please notice that these 
links don't explicitly specify the protocol, i.e. "http://", because I don't 
want to hardcode the whole URL (some links are relative).) Considering this, 
when such a link is followed, the protocol (HTTPS) is not changed back to HTTP. 
Does anyone know if there is a solution to this other than using absolute URLs 
with the HTTP protocol hardcoded in them?

Thanks,
Lukasz Szelag
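
One way to get the behaviour asked about above, as an added example that is not part of the original post: a Servlet 2.3 filter, mapped in web.xml with a `<filter-mapping>` for `/non_secure_resources/*`, that answers HTTPS requests with a redirect to the same path over HTTP. The class name `HttpDowngradeFilter` and the init-param names `httpHost` and `httpPort` are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example (hypothetical class): sends HTTPS requests for the mapped paths back to HTTP. */
public class HttpDowngradeFilter implements Filter {
    private String httpHost;   // init-param "httpHost" (assumed name); null = use the request's host
    private int httpPort = 80; // init-param "httpPort" (assumed name)

    public void init(FilterConfig cfg) throws ServletException {
        httpHost = cfg.getInitParameter("httpHost");
        String port = cfg.getInitParameter("httpPort");
        if (port != null) {
            try { httpPort = Integer.parseInt(port.trim()); }
            catch (NumberFormatException e) { throw new ServletException("bad httpPort: " + port); }
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String method = request.getMethod();
        // Redirect only body-less methods; a redirected POST would lose its body.
        boolean redirectable = "GET".equals(method) || "HEAD".equals(method);
        if (!request.isSecure() || !redirectable) {
            chain.doFilter(req, res);   // already plain HTTP, or not safe to redirect
            return;
        }
        // Prefer a configured host so the Location header does not echo a client-supplied Host.
        String host = (httpHost != null) ? httpHost : request.getServerName();
        StringBuffer target = new StringBuffer("http://").append(host);
        if (httpPort != 80) target.append(':').append(httpPort);
        target.append(request.getRequestURI());
        if (request.getQueryString() != null) target.append('?').append(request.getQueryString());
        response.sendRedirect(target.toString());
    }

    public void destroy() { }
}
```

Any cookie flagged Secure is not sent by the browser on the HTTP request that follows the redirect, so state tied to such a cookie is not available on the non-secure pages.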



