tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Carlsson <>
Subject Login over ssl
Date Fri, 12 Nov 2004 10:13:50 GMT

I got a problem with securing a login-page. I would like the login-form to
be secured with ssl to ensure that the users credentials isn't easially
readable. But I have no need to put the rest of my page in ssl-mode.

I have posted the <security-constraint/> and <login-config/> below.
It seems like if the <security-constraint> named AQMFiles 02 isn't used at
all. Atleast all reqeusts that get interupted as the user isn't
authenticated is sent to /login.jsp as a  non-sll requests and doesn't get
redirected to ssl.

Must I put my whole web-app in ssl-mode to make sure that my users
credentials is secure?

Roland Carlsson

Ps: I apologize for the posting that got the wrong adress (Gothia), I should
learn not to talk in the phone and write mail at the same time. :-)

--------------- part of web.xml----------

    <display-name>AQMFiles 02</display-name>
    <display-name>AQMFiles 01</display-name>
   <realm-name>AQMFile login</realm-name>


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message