tomcat-users mailing list archives

From Hassan Schroeder <has...@webtuitive.com>
Subject Re: SSL and Tomcat - can't secure individual pages
Date Fri, 21 Oct 2005 16:15:07 GMT
Greg Brownell wrote:

> My whole site, all pages, are redirected to port 443 - everything is
> secure.  I only wanted the *.htm and the single file login.jsp to use
> https.

> What am I doing wrong? I thought the <web-resource-collection> in
> <security-constraint> was there to identify which pages should be secure?

which pages *must* be secure -- other pages *may* be served securely.

If you are using URLs in your secure *.htm pages that don't specify
the protocol, e.g.,

  <a href="/nonsecure.jsp">go</a>

and that page is accessed via HTTPS, the actual URL is

  https://example.com/nonsecure.jsp

If you want it served as `http://example.com/nonsecure.jsp`, you'll
have to be more explicit about that URL...  :-)

HTH,
-- 
Hassan Schroeder ----------------------------- hassan@webtuitive.com
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

                          dream.  code.
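
Added example, not part of the original message or of Tomcat's code: it resolves links the way a browser does and checks the result against the two patterns from the question. It assumes a `CONFIDENTIAL` transport guarantee on `*.htm` and `/login.jsp`; `example.com`, the sample pages and the helper names are constructed for illustration.

```javascript
// Patterns assumed to sit in <web-resource-collection> of the constraint
// (taken from the question; the actual web.xml is not shown in the thread).
const CONFIDENTIAL_PATTERNS = ["*.htm", "/login.jsp"];

// Servlet-style url-pattern matching: "*.ext", "/prefix/*", or exact path.
function matchesPattern(pattern, path) {
  if (pattern.startsWith("*.")) return path.endsWith(pattern.slice(1));
  if (pattern.endsWith("/*")) {
    const prefix = pattern.slice(0, -2);
    return path === prefix || path.startsWith(prefix + "/");
  }
  return path === pattern;
}

// Resolve href against the page it appears on, then report whether the
// constraint forces HTTPS or the scheme is simply inherited from the page.
function classifyLink(pageUrl, href) {
  const target = new URL(href, pageUrl); // relative hrefs keep scheme + host
  const mustBeSecure = CONFIDENTIAL_PATTERNS.some((p) =>
    matchesPattern(p, target.pathname)
  );
  let outcome;
  if (target.protocol === "https:") {
    outcome = mustBeSecure ? "https (required)" : "https (allowed, not required)";
  } else {
    // Tomcat answers a plain-HTTP request for a constrained page with a
    // redirect to the connector's redirectPort.
    outcome = mustBeSecure ? "redirected to https" : "http";
  }
  return { url: target.href, mustBeSecure, outcome };
}

// Constructed sample links: [page the link is on, href as written].
const samples = [
  ["https://example.com/account.htm", "/nonsecure.jsp"],
  ["https://example.com/account.htm", "http://example.com/nonsecure.jsp"],
  ["https://example.com/account.htm", "login.jsp"],
  ["http://example.com/index.jsp", "/help.htm"],
];
for (const [page, href] of samples) {
  const r = classifyLink(page, href);
  console.log(`${href} on ${page} -> ${r.url} : ${r.outcome}`);
}
```

The first sample is the case from the reply: the constraint does not cover `/nonsecure.jsp`, yet the link stays on HTTPS because the page that contains it was loaded over HTTPS.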


