On Jan 30, 2006, at 2:11 PM, toby cabot wrote:
Hi Folks, I've got an application that I'm running over HTTPS and I'd like to make it so that users can't connect to it over plain old HTTP. I think that the web.xml user-data-constraint/transport-guarantee element is what I'm after but I have a question about its behavior. When I set it to CONFIDENTIAL and make a request over HTTPS then all's well, and when I make the same request over HTTPS I get a 403. I suppose that this is OK, if somewhat user-hostile, but I can probably work around it using a listener or some such. I was poking around in JettyConnector.java, however, and it looks like it's trying to configure a few parameters to make Jetty automatically redirect HTTP requests over to HTTPS, but I'm not getting that behavior.
I have experienced this too and didn't find a solution. It looked to me as if it should work, but it didn't. On the other hand I couldn't convince myself that the spec required a redirect. Maybe a greg or another jetty expert can explain how it is supposed to work?
thanks david jencks
So my question is: how do I enable the auto-redirect behavior? Is there a flag in a plan file that I need to set? Thanks, Toby