Try this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure servlet</web-resource-name>
<url-pattern>/path/to/servlet/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Regards,
D
--- Jan Strauch <[EMAIL PROTECTED]> wrote:
> Hello world!
>
> My problem :
>
> I want some of my servlets to be accessible only when HTTPS is used:
> https:/<path to servlet> succeeds
> http:/<path to servlet> gives an error
>
> The first step seems to work, but when i have logged in into the secure area,
> load a page using https, delete the "s" and reload, the page is also loaded.
>
> How do i block the unsecured reload?
>
> I tried some of the hints for JSPs, but they seem not to work with servlets.
>
> My web.xml:
>
> <web-app>
> <servlet>
> <servlet-name>myServlet</servlet-name>
> <servlet-class>myServlet</servlet-class>
> </servlet>
> ... more servlets...
> <servlet-mapping>
> <servlet-name>myServlet</servlet-name>
> <url-pattern>path to myServlet</url-pattern>
> </servlet-mapping>
> ... more servlets...
> </web-app>
>
> What security-constraints do i need, and where do i have to put them?
>
> Thank you
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
