Hello Dave, in the future reply with more info and you will get better help. I will put an example at the bottom.

I'm an old-school JSP guy and not a JSF guy, but I understand that JSF files still end in (dot).jsp? If I'm right, then the rules should apply where a security constraint is defined. You will have to use a <realm>. The Tomcat default install comes with an example that does this in server.xml. Use a JAAS realm or an LDAP realm for FORM-based security.

<security-constraint></security-constraint>
The path to your confidential pages needs to be defined here.

The warning comes (especially I.E.) because you do not have a CA CERT for SSL. You can generate your own CERT with the gentool.

Again, the Tomcat doco is your starting point:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
and
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#What%20is%20a%20Realm?

Performance: JSF is about 50 to 500 times slower than JSP.
See: http://mindprod.com/jgloss/jsf.html

INFO:
OS: Debian 3.1, Windows 2003 server
DB: Oracle 9i
Tomcat: 5.5.x
JDK/JRE: 1.6.x
VM: Xen and VMWARE
Topology: clustered TC with load balancer
Logging: Log4j, commons-logging, system logs (examples etc. for exceptions).

Dave wrote ..
> For jsf page (myfaces), some data need to go through SSL such as bank
> information.
> For better performance, other pages (or forms) can use http.
>
> <h:form> ... </h:form>
>
> <h:form> ... </h:form>
>
> If a form may contain personal data, it should be submitted using https.
> Also
> we need to let user know it is secure by showing a lock and https://.... in
> browser
> address bar.
>
> How can I do this?
>
> Sometimes the IE browser shows a warning: the page contains both secure and
> nonsecure
> data. What is the meaning? How to avoid the warning?
>
> Thanks for ideas.
> Dave
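
Added example, not part of the original message: a web.xml fragment showing a security constraint of the kind the reply refers to, with the path of the confidential pages defined and FORM login against the configured realm. The /secure/* path, the role name customer and the login page names are assumptions chosen for illustration.

```xml
<!-- web.xml fragment (standard Servlet deployment descriptor elements).
     Assumed names: /secure/*, role "customer", /login.jsp, /login-error.jsp. -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Pages with personal data</web-resource-name>
    <!-- Matched against the request path, so a JSF view requested as
         /secure/account.jsf is covered. Pages outside /secure/ match no
         constraint and can still be served over plain http. -->
    <url-pattern>/secure/*</url-pattern>
    <!-- No <http-method> elements: the constraint covers every method.
         Listing only GET and POST would leave other methods unconstrained. -->
  </web-resource-collection>

  <!-- Only authenticated users in this role may reach the pages -->
  <auth-constraint>
    <role-name>customer</role-name>
  </auth-constraint>

  <user-data-constraint>
    <!-- CONFIDENTIAL: a plain-http request to these paths is redirected to
         the SSL connector (the redirectPort of the http <Connector>) -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- FORM login; credentials are checked by the <Realm> from server.xml.
     The login form posts j_username / j_password to j_security_check. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>customer</role-name>
</security-role>
```

Forms that carry personal data then go under the constrained path, so the page that renders the form and the request that submits it both travel over https.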