Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org Received: (qmail 53203 invoked from network); 17 Dec 2002 20:43:45 -0000 Received: from exchange.sun.com (HELO nagoya.betaversion.org) (192.18.33.10) by daedalus.apache.org with SMTP; 17 Dec 2002 20:43:45 -0000 Received: (qmail 12220 invoked by uid 97); 17 Dec 2002 20:44:43 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org Received: (qmail 12158 invoked by uid 97); 17 Dec 2002 20:44:42 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 12146 invoked by uid 98); 17 Dec 2002 20:44:42 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: Selecting which pages to use SSL with Date: Tue, 17 Dec 2002 14:43:03 -0600 Message-ID: <4606624A2A8ABE41AFBA5F8306F2ECB2727589@FTWMLVEM01.e2k.ad.ge.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Selecting which pages to use SSL with Thread-Index: AcKmDM+5vpbenIOAQPCHHVDiLJhHLw== From: "Cook, Christopher H (IndSys, GE Interlogix)" To: X-OriginalArrivalTime: 17 Dec 2002 20:43:19.0157 (UTC) FILETIME=[EE890250:01C2A60C] X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N The documentation supplied for tomcat that pertains to the configuration = of ssl states - "indeed a developer can pick and choose which pages require a secure = connection and which do not. For a reasonably busy site, it is customary = to only run certain pages under SSL, namely those pages where sensitive = information could possibly be exchanged. ... Any pages which absolutely = require a secure connection should check the protocol type associated = with the page request and take the appropriate action of https is not = specified." I have SSL set up in my application currently, so that any page I = request can either use https or http. How do restrict access to some = pages using http, while allowing others to use it? Basically how do I = implement the scenario's described in the above passage? Or where is = there documentation on this? Thanks, Chris -- To unsubscribe, e-mail: For additional commands, e-mail: