Try this:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure servlet</web-resource-name>
    <url-pattern>/path/to/servlet/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Regards,
D

--- Jan Strauch <[EMAIL PROTECTED]> wrote:

> Hello world!
>
> My problem:
>
> I want some of my servlets to be accessible only when HTTPS is used:
> https:/<path to servlet> succeeds
> http:/<path to servlet> gives an error
>
> The first step seems to work, but when I have logged in to the secure area,
> load a page using https, delete the "s" and reload, the page is also loaded.
>
> How do I block the unsecured reload?
>
> I tried some of the hints for JSPs, but they seem not to work with servlets.
>
> My web.xml:
>
> <web-app>
>   <servlet>
>     <servlet-name>myServlet</servlet-name>
>     <servlet-class>myServlet</servlet-class>
>   </servlet>
>   ... more servlets...
>   <servlet-mapping>
>     <servlet-name>myServlet</servlet-name>
>     <url-pattern>path to myServlet</url-pattern>
>   </servlet-mapping>
>   ... more servlets...
> </web-app>
>
> What security-constraints do I need, and where do I have to put them?
>
> Thank you

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
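
Added example (not part of the original thread): a complete web.xml showing where the security-constraint suggested above goes relative to the servlet declarations from the question. The /secure/ path is an assumed placeholder, and unlike the reply's snippet this version omits the http-method elements so the constraint covers every HTTP method.

```xml
<!-- Added example, not from the original thread. The servlet name and class
     come from the question; the /secure/ URL space is an assumed placeholder. -->
<web-app>
  <servlet>
    <servlet-name>myServlet</servlet-name>
    <servlet-class>myServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>myServlet</servlet-name>
    <url-pattern>/secure/myServlet</url-pattern>  <!-- assumed path -->
  </servlet-mapping>

  <!-- security-constraint is a direct child of web-app. With a DTD-based
       descriptor (Servlet 2.3 and earlier) element order is enforced, so it
       has to come after the servlet and servlet-mapping elements. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure servlet</web-resource-name>
      <!-- Must cover the same URL space as the servlet-mapping above;
           a servlet reachable through a second, unlisted mapping is
           not protected by this constraint. -->
      <url-pattern>/secure/*</url-pattern>
      <!-- No http-method elements here: the constraint then applies to
           every HTTP method. Listing only GET and POST would leave the
           other methods (HEAD, PUT, ...) outside the constraint. -->
    </web-resource-collection>
    <user-data-constraint>
      <!-- CONFIDENTIAL: the container requires an encrypted transport
           for requests that match the collection above. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
```

After redeploying, a plain http request to the protected path should be answered with a redirect to the https connector (Tomcat uses the HTTP connector's redirectPort) rather than with the servlet's output.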