tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: redirect to insecure
Date Fri, 27 Aug 2004 10:43:47 GMT
No. There is no way to say the transport must be http (and not https).

You'll need a filter or code it into each resource that has that issue.

-Tim

Michael Eastwood wrote:
> Hi,
> 
> One part of a site I've done has automatic SSL redirection using the
> <transport-guarantee> element in web.xml to ensure SSL communication
> with the sensitive parts of site.
> 
> The other parts of the site I'd like not to be encrypted.  If I go to
> the secure part, however, then back to a non-secure part,
> the https:// remains (as I'm using relative URLs).  Is it possible to 
> configure
> these non secure sections to redirect to no encryption (so that a
> request to https://.../nonsecureservlet/ is redirected to
> http://.../nonsecureservlet/) without doing a protocol check all of my
> servlets or making all of my links absolute?  I've tried
> 
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Automatic SLL
> Unforwarding</web-resource-name>
>             <url-pattern>/*</url-pattern>
>         </web-resource-collection>
>         <user-data-constraint>
>             <transport-guarantee>NONE</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
> 
> to no effect.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message