Pid

Regarding the login. I don't know what architecture you have, but what you're 
asking is possible. What Peter indicated below is more likely. 

It doesn't look like you are using Spring, but you might want to look at some of 
the ways they do this. I do know you can enforce the use of https in 
either paths and/or beans (?a little vague there).

We don't have an https-style redirect as we have a CAS server for authentication, 
but we do similar things with URL redirects for our extra users. In effect, if 
not authenticated, redirect (as Peter said) to /login/ 

Gerwood
________________________________________
From: Pid [...@pidster.com]
Sent: Wednesday, 11 November 2009 12:51 AM
To: users@tomcat.apache.org
Subject: Re: Secure login only, not rest of app

On 10/11/2009 13:25, Robert Denison wrote:
> Thanks Peter,
>
> Don't suppose anyone can point me to any documentation that talks about 
> getting caching working properly for tomcat and static content can they?

It's not so much a case of Tomcat; unfortunately your app is also
affected by browser type, config, version etc.

Tomcat should handle serving static resources perfectly well, but you
can augment it if needed by employing a Filter that adds headers for
matching files/requests.

Checking the HTTP Headers that are actually being sent & received by the
major browsers is an essential step in tuning your app.  Your access log
will show if files are being returned with HTTP 304 status or not.

Firefox has LiveHTTPHeaders and Firebug, IE has a plugin tool too.



I thought of an alternative, you could only enforce container based
security on a specific path "/login/".

Your Filter could redirect all unauthenticated users to the login app,
the index page (after successful login) just redirects to the app homepage.

  if (logged in) {
    if (https) goto http
  } else {
    redirect to "/login" // tomcat takes care of the HTTPS upgrade
  }




p


> R.
>
> On 10 Nov 2009, at 13:14, Peter Crowther wrote:
>
>> 2009/11/10 Robert Denison<r...@blim.org>:
>>> I assume that the standard way of dealing with static caching is to have 
>>> e.g. an images (css etc) directory and have that not secure?
>>
>> No, as on most browsers that will pop up a dialog box with something
>> like "this page contains both secure and insecure items.  Do you want
>> to display the insecure items?"
>>
>> All content referenced from a secure page should be secure to prevent
>> this warning.
>>
>> - Peter
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
>
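
Pid's filter pseudocode above, written out as a servlet Filter (an added example, not code from anyone in the thread). The class name, the "authUser" session attribute set by the /login/ index page, and the "httpBase" init-param are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumed names: LoginRedirectFilter, the "authUser" session
// attribute (set by the /login/ index page after container login) and the
// "httpBase" init-param, e.g. http://app.example.com (no trailing slash).
public class LoginRedirectFilter implements Filter {
    private static final String LOGIN_PATH = "/login/";
    private String httpBase;

    public void init(FilterConfig cfg) throws ServletException {
        httpBase = cfg.getInitParameter("httpBase");
        if (httpBase == null || !httpBase.startsWith("http://")) {
            throw new ServletException("httpBase init-param must be an http:// URL");
        }
    }

    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (path.startsWith(LOGIN_PATH)) {
            chain.doFilter(rq, rs);   // container security owns this path
            return;
        }
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("authUser") != null;
        if (!loggedIn) {
            // Create the session on the HTTP side first: a session cookie first
            // issued over HTTPS is normally marked Secure and would not come
            // back over HTTP after the downgrade.
            req.getSession(true);
            // Tomcat upgrades /login/ to HTTPS via its transport guarantee.
            res.sendRedirect(req.getContextPath() + LOGIN_PATH);
        } else if (req.isSecure()) {
            // Logged in but still on HTTPS: return to HTTP on the configured
            // host, never on a host taken from the request's Host header.
            String query = req.getQueryString();
            res.sendRedirect(httpBase + req.getRequestURI()
                    + (query == null ? "" : "?" + query));
        } else {
            chain.doFilter(rq, rs);
        }
    }
}
```

With this pattern only the login exchange is encrypted: the session cookie has to work over plain HTTP afterwards, so it cannot carry the Secure flag and is readable to anyone on the network path.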

