Chris,

Of course that is not Tomcat's job, but if a redirection from http to https exists, I wonder why a reverse way does not exist in the "declarative security" mechanism provided by the servlet specification.
But like you point out, there are not so many places where a programmer must resolve this kind of situation.

Cheers!
- Pablo

On 1/4/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
Pablo,

John Doe wrote:
> Thanks a lot for the explanation. Looks like Tomcat (or maybe the
> "Servlet specification"?) needs a mechanism to switch from https to
> http when this access is declared by a <security-constrains> otherwise
> it is forcing programmers to always use programmatic security to make this
> switch

It isn't Tomcat's job to guess when you want to go back to http, it's yours. It isn't very difficult to build a complete URL (including protocol) for a link.

I would imagine that you have very few places in your application where you need to:

1. Switch from HTTP to HTTPS and
2. Switch from HTTPS to HTTP

I recommend that you treat those as special cases and hand-code them as appropriate.

-chris

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
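The hand-coded scheme switch recommended in the quoted reply, as an added example that is not part of the original thread: a small helper that builds absolute URLs with an explicit protocol. The class name, host, ports and context path are assumptions; the host comes from configuration rather than the request's Host header, which the client controls.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Builds absolute links that deliberately change scheme (HTTP <-> HTTPS). */
public final class SchemeLinks {
    // Assumed deployment values, normally read from application configuration.
    private final String host;
    private final int httpPort;
    private final int httpsPort;
    private final String contextPath;

    public SchemeLinks(String host, int httpPort, int httpsPort, String contextPath) {
        this.host = host;
        this.httpPort = httpPort;
        this.httpsPort = httpsPort;
        this.contextPath = contextPath;
    }

    /** Returns an absolute URL for an application-relative path on the chosen scheme. */
    public String link(boolean secure, String path, String query) {
        // Accept only application-relative paths, so a caller-supplied value
        // cannot smuggle in another host ("//other.example") or a backslash variant.
        if (path == null || !path.startsWith("/") || path.startsWith("//")
                || path.contains("\\")) {
            throw new IllegalArgumentException("path must be application-relative");
        }
        String scheme = secure ? "https" : "http";
        int port = secure ? httpsPort : httpPort;
        int defaultPort = secure ? 443 : 80;
        try {
            // The multi-argument URI constructor percent-encodes illegal characters;
            // -1 omits the port when it is the default for the scheme.
            return new URI(scheme, null, host, port == defaultPort ? -1 : port,
                    contextPath + path, query, null).toASCIIString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for a Tomcat instance on its usual ports.
        SchemeLinks links = new SchemeLinks("shop.example.com", 8080, 8443, "/app");
        System.out.println(links.link(true, "/login", null));        // HTTP -> HTTPS
        System.out.println(links.link(false, "/catalog", "page=2")); // HTTPS -> HTTP
    }
}
```

A session cookie issued over HTTPS without the Secure flag is sent in clear text once the browser follows the http link; with the flag set, the HTTP pages do not receive that session.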