I need to secure my login page only, just to prevent the username/password
from being picked up.
What is the quickest and dirtiest way to do this?
I was thinking of something along the line of checking in my login.jsp for
request.isSecure() and then response.redirect()ing to https, but my login
form is on a tile in the middle of a layout and it gagged on my doing a
response.redirect in the middle of a <tiles:insert .../>
I've been told it doesn't have to be smart enough to prevent a user from
taking the "s" out of the "https" on the url. Oh, and I can't use:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
b/c I was told the server (of which I have no control over) doesn't support
it.
Your help is much appreciated!
J