Hi again, I thought about this a little more and I think what you're experiencing might be as a result of the RequestDispatcher.
When the RequestDispatcher "fowards" to a URL resource, it overrides the SSL/Authentication constraints you have setup. There is a way of getting around this (which also adds an additional layer of maintenance programming security in your code) by using Filters. Basically, in your web.xml you define a filter for your SSL protected pages: <filter> <filter-name>MyFilterClass</filter-name> <filter-class>my.package.MyFilterClass</filter-class> </filter> <filter-mapping> <filter-name>MyFilterClass</filter-name> <url-pattern>/ssl/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> Below is a sample implementation of the "doFilter" that takes care of the redirecting: public void doFilter(ServletRequest request, ServletResponse response, FilterChain arg2) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse rsp = (HttpServletResponse) response; rsp.sendRedirect(req.getRequestURI()); } I hope this helps! Justin > From: [EMAIL PROTECTED] > To: users@tomcat.apache.org > Subject: RE: Form Based Authenticattion - j_security_check does not redirect > from http to https > Date: Tue, 9 Dec 2008 03:28:10 -0500 > > > Hello, > > Have you tried adding "j_security_check" to your web.xml for patterns which > should be redirected to SSL? > > Regards, > > Justin > > > Date: Tue, 9 Dec 2008 00:17:36 -0800 > > From: [EMAIL PROTECTED] > > To: users@tomcat.apache.org > > Subject: Form Based Authenticattion - j_security_check does not redirect > > from http to https > > > > > > Hi, > > > > > > > > I am using Apache Tomcat Version 5.5.2. I am running it on Windows XP > > Professional Service Pack 2. > > > > > > > > I have a form based authentication for my application: > > > > > > > > […] > > > > <login-config> > > > > <auth-method>FORM</auth-method> > > > > <realm-name>Authentication Area</realm-name> > > > > <form-login-config> > > > > <form-login-page>/login.jsp</form-login-page> > > > > <form-error-page>/login.jsp?action=error</form-error-page> > > > > </form-login-config> > > > > </login-config> > > > > […] > > > > > > > > > > > > Also, I have redirected all my requests for port-80 to port-443. So, > > whenever I try to open a page in http, it automatically gets redirected to > > https. This is working fine for all the pages. > > > > > > > > Except, when I open the http://localhost/<APP_NAME>/j_security_check page it > > does not get redirected and stays on http. This is the only page showing > > this deviation in behavior. > > > > For example, the http://localhost/<APP_NAME>/security_check page gets > > redirected to https, and the same goes for my login page and all other pages > > in my app. > > > > > > > > Is this a known issue or is there a configuration that I am unaware of. > > > > > > > > Thanks a lot. > > > > > > -- > > View this message in context: > > http://www.nabble.com/Form-Based-Authenticattion---j_security_check-does-not-redirect-from-http-to-https-tp20910454p20910454.html > > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > _________________________________________________________________ > _________________________________________________________________