I have an tomcat application. I want to use LDAP authentication. I have this working not problem.
When a user hits the site they are asked to login and they use the j_security method to do so. No problem. Now, when someone logs in they are using an unsecured login screen and there passwords are sent unencrypted. The solution! HTTPS, no sweat, i have this working to. The only problem I have is having the https and LDAP security in one application. Additionally i do not want to have every page locked by https, only the login screen that get called by the security constraint. EX directory structure: Https Secured pages and directories. /security/login.jsp /security/loginerr.jsp LDAP REalm Secured diretories /gigatronic/* /gigatronic/index.jsp so when a user hits /gigatronic/index.jsp they are asked top login because of the LDAP real copnfig. The pages used for the login I need in HTTPS. After a secure login it returns back to a regular http for the /gigatronic/index.jsp application. SO how can I use HTTPS for only the j_secutity login portion I specified in web.xml and enforce LDAP real for the rest of my app without have the whole app HTTPS. I tried specifying the HTTPS for my login but the app would not start. ex: <form-login-config> <form-login-page>https://www.blah.com/secure/login.jsp</form-login-page> <form-error-page>https://www.blah.com/secure/loginerr.jsp</form-error-page> </form-login-config> This did not work. Cheers -- View this message in context: http://www.nabble.com/j_secuity-check-and-https-tp20603453p20686814.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]