geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From toby cabot <t...@caboteria.org>
Subject jetty transport-guarantee behavior?
Date Mon, 30 Jan 2006 22:11:28 GMT
Hi Folks,

I've got an application that I'm running over HTTPS and I'd like to
make it so that users can't connect to it over plain old HTTP.  I
think that the web.xml user-data-constraint/transport-guarantee
element is what I'm after but I have a question about its behavior.
When I set it to CONFIDENTIAL and make a request over HTTPS then all's
well, and when I make the same request over HTTPS I get a 403.  I
suppose that this is OK, if somewhat user-hostile, but I can probably
work around it using a listener or some such.  I was poking around in
JettyConnector.java, however, and it looks like it's trying to
configure a few parameters to make Jetty automatically redirect HTTP
requests over to HTTPS, but I'm not getting that behavior.

So my question is: how do I enable the auto-redirect behavior?  Is
there a flag in a plan file that I need to set?

Thanks,
Toby

Mime
View raw message