wmueller wrote:
> I have a small web application. Some pages are free to visit for everyone
> but some other are only available after login (username/password). I try to
> make the login page and all other pages after the login to use https.
>
> you can think of a application structure like this:
>
> /public/page.xhtml
> /private/login.xhtml
> /private/morepage.xhtml
>
> while all pages under /public use http and all pages under private should
> only accessible with https
You should create a security constraint for the /private branch of the pages
in the web.xml file of your application. The following frangment should be
rather close to what you're looking for (/private/* require that user is
authenticated and are only available through a protected connection).
<security-constraint>
<web-resource-collection>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
On top of that, you'll naturally need to set up Tomcat so that it also
accepts https connections.
--
..Juha
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
