Hi Joe,
Have a look at the Acegi Security [1] stuff if your using spring. This
will allow you to configure what paths require https and redirect the
incomming requests if they are not https.
There is a catalina project too [2] but im not to sure what that
does, but you never know it might be of help.
Regards
Ben
[1] http://acegisecurity.org/docbook/acegi.html#channel-security
[2] http://acegisecurity.org/multiproject/acegi-security-catalina/downloads.html
On 1/4/07, John Doe <[EMAIL PROTECTED]> wrote:
Chris, Chuck:
Thanks a lot by the explanation. Looks like Tomcat (or maybe the
"Servlet specification"?) needs a mechanism to switch from https to
http when this access is declared by a <security-constrains> otherwise
is forcing programmers to always use programatic security to made this
switch; anyway we get paid to do this stuff ;-)
May be a "workarround" is to use the rewrite filter located at
http://tuckey.org/urlrewrite/
Somebody is using it? is reliable?
Cheers!
- Pablo
On 1/3/07, Caldarale, Charles R <[EMAIL PROTECTED]> wrote:
> > From: John Doe [mailto:[EMAIL PROTECTED]
> > Subject: from https to http?
>
> > _but_ when I want to go from "restricted.jsp" back to
> > "index.jsp" using the anchor defined in it the URL is
> > not replace by the standard "http" URL and then gets
> > stuck with a "https://localhost:8443/testSSL/index.jsp";
>
> To expand a bit on what Chris said:
>
> Look at the form of the link in restricted.jsp:
> > <a href="../index.jsp">Back to index</a>
>
> It's a relative link, so the browser (not Tomcat) resolves it based on
> the URL of the current page. The same happened when you went from
> index.jsp to ssl/restricted.jsp, except Tomcat recognized that ssl was
> controlled with a <security-constraint>, so it generated a redirect back
> to the browser with the http protocol and port replaced by https and the
> redirect port; the browser then made the actual https request.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
