Hi, Take a look at http://sslext.sourceforge.net/
Regards, Janarthan S -----Original Message----- From: Janice [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 6:38 AM To: [EMAIL PROTECTED] Subject: need help securing my login page I need to secure my login page only, just to prevent the username/password from being picked up. What is the quickest and dirtiest way to do this? I was thinking of something along the line of checking in my login.jsp for request.isSecure() and then response.redirect()ing to https, but my login form is on a tile in the middle of a layout and it gagged on my doing a response.redirect in the middle of a <tiles:insert .../> I've been told it doesn't have to be smart enough to prevent a user from taking the "s" out of the "https" on the url. Oh, and I can't use: <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> b/c I was told the server (of which I have no control over) doesn't support it. Your help is much appreciated! J --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]