Hi Ben, Unfortunately I not using any framework in the webapplication, just raw java scriplets and html (is a small webapp). Anyway thanks a lot by the links.
Cheers! - Pablo On 1/4/07, ben short <[EMAIL PROTECTED]> wrote:
Hi Joe, Have a look at the Acegi Security [1] stuff if your using spring. This will allow you to configure what paths require https and redirect the incomming requests if they are not https. There is a catalina project too [2] but im not to sure what that does, but you never know it might be of help. Regards Ben [1] http://acegisecurity.org/docbook/acegi.html#channel-security [2] http://acegisecurity.org/multiproject/acegi-security-catalina/downloads.html On 1/4/07, John Doe <[EMAIL PROTECTED]> wrote: > Chris, Chuck: > > Thanks a lot by the explanation. Looks like Tomcat (or maybe the > "Servlet specification"?) needs a mechanism to switch from https to > http when this access is declared by a <security-constrains> otherwise > is forcing programmers to always use programatic security to made this > switch; anyway we get paid to do this stuff ;-) > > May be a "workarround" is to use the rewrite filter located at > http://tuckey.org/urlrewrite/ > > Somebody is using it? is reliable? > > Cheers! > > - Pablo > > On 1/3/07, Caldarale, Charles R <[EMAIL PROTECTED]> wrote: > > > From: John Doe [mailto:[EMAIL PROTECTED] > > > Subject: from https to http? > > > > > _but_ when I want to go from "restricted.jsp" back to > > > "index.jsp" using the anchor defined in it the URL is > > > not replace by the standard "http" URL and then gets > > > stuck with a "https://localhost:8443/testSSL/index.jsp" > > > > To expand a bit on what Chris said: > > > > Look at the form of the link in restricted.jsp: > > > <a href="../index.jsp">Back to index</a> > > > > It's a relative link, so the browser (not Tomcat) resolves it based on > > the URL of the current page. The same happened when you went from > > index.jsp to ssl/restricted.jsp, except Tomcat recognized that ssl was > > controlled with a <security-constraint>, so it generated a redirect back > > to the browser with the http protocol and port replaced by https and the > > redirect port; the browser then made the actual https request. > > > > - Chuck > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete the e-mail > > and its attachments from all computers. > > > > --------------------------------------------------------------------- > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]