Hello world!
My problem :
I want some of my servlets to be accessible only when HTTPS is used:
https:/<path to servlet> succeeds
http:/<path to servlet> gives an error
The first step seems to work, but when i have logged in into the secure area,
load a page using https, delete the "s" and reload, the page is also loaded.
How do i block the unsecured reload?
I tried some of the hints for JSPs, but they seem not to work with servlets.
My web.xml:
<web-app>
<servlet>
<servlet-name>myServlet</servlet-name>
<servlet-class>myServlet</servlet-class>
</servlet>
... more servlets...
<servlet-mapping>
<servlet-name>myServlet</servlet-name>
<url-pattern>path to myServlet</url-pattern>
</servlet-mapping>
... more servlets...
</web-app>
What security-constraints do i need, and where do i have to put them?
Thank you
