tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From August Detlefsen <augustd...@yahoo.com>
Subject Force Non-SSL
Date Thu, 26 May 2005 00:04:29 GMT
In my webapp I force clients to use SSL encryption for logins with a
security constraint and transport-guarantee elements like this: 

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Login</web-resource-name>
        <url-pattern>/login/*</url-pattern>
      </web-resource-collection>

      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

However, once a user hits the login page, every subsequent page also
uses https. Is there a way to force them back to regular http once they
leave the login section? 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message