tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hassan Schroeder <>
Subject Re: SSL and Tomcat - can't secure individula pages
Date Fri, 21 Oct 2005 16:15:07 GMT
Greg Brownell wrote:

> My whole site, all pages, are redirected to port 443 - everything is
> secure.  I only wanted the *.htm and the single file login.jsp to use
> https.

> What am I doing wrong? I thought the <web-resource-collection> in
> <security-constraint> was there to identify which pages should be secure?

which pages *must* be secure -- other pages *may* be served securely.

If you are using URLs in your secure *.htm pages that don't specify
the protocol, e.g.,

  <a href="/nonsecure.jsp">go</a>

and that page is accessed via HTTPS, the actual URL is

If you want it served as ``, you'll
have to be more explicit about that URL...  :-)

Hassan Schroeder -----------------------------
Webtuitive Design ===  (+1) 408-938-0567   ===

                          dream.  code.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message