Hi, I want to protect the admin parts of my app.
I have made a security-constraint on my admin folders, and all works fine - calling for any page in admin gets redirected to a login form. However, I'd like the login form to be encrypted. I have been able to get all the admin pages running on https, but I want just the login page on https, and the actual admin pages using http. Can anyone suggest how to do this?

Here is what I have in my web.xml (this setup doesn't use https at all):

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>admin</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>manager</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/security/login.htm</form-login-page>
        <form-error-page>/security/login_error.htm</form-error-page>
      </form-login-config>
    </login-config>

Adding a

    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

uses https for all my admin pages.

TIA.
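
An added example (not part of the original post, and not Tomcat code): a small Python check that reads a web.xml like the one above and lists which security-constraint url-patterns, with their transport-guarantee, cover a given path. The sample XML is constructed from the post's fragment with the CONFIDENTIAL constraint placed inside the admin security-constraint; `/admin/index.jsp` is a hypothetical path, and the check does not resolve how a container combines overlapping constraints.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's web.xml fragment, wrapped in <web-app>, with the
# CONFIDENTIAL user-data-constraint placed inside the admin security-constraint.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/security/login.htm</form-login-page>
      <form-error-page>/security/login_error.htm</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def _named(parent, name):  # descendants called `name`, ignoring any XML namespace
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(parent, name):  # stripped text of those descendants
    return [e.text.strip() for e in _named(parent, name) if e.text]

def pattern_matches(pattern, path):  # servlet forms: /prefix/*, *.ext, / (default), exact
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern in ("/", path)

def covering_constraints(xml_text, path):  # [(url-pattern, transport-guarantee), ...]
    found = []
    for sc in _named(ET.fromstring(xml_text), "security-constraint"):
        # A constraint with no user-data-constraint declares no transport guarantee.
        guarantee = (_texts(sc, "transport-guarantee") or ["NONE"])[0]
        found += [(p, guarantee) for p in _texts(sc, "url-pattern") if pattern_matches(p, path)]
    return found

def form_pages(xml_text):  # paths declared as form-login-page / form-error-page
    root = ET.fromstring(xml_text)
    return _texts(root, "form-login-page") + _texts(root, "form-error-page")

if __name__ == "__main__":
    for page in form_pages(WEB_XML) + ["/admin/index.jsp"]:  # last path is hypothetical
        print(page, covering_constraints(WEB_XML, page) or "no constraint covers this path")
```

With this sample, the admin path is covered by the CONFIDENTIAL constraint, while neither form page under /security/ falls under any declared url-pattern.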